Bugtraq mailing list archives
OpenBSD 3.0: Bug in rshd(8) and rexecd(8) (fwd)
From: Jonas Eriksson <je () sekure net>
Date: Fri, 12 Apr 2002 09:34:45 +0200 (CEST)
---------- Forwarded message ---------- Date: Thu, 11 Apr 2002 12:43:19 -0600 From: Todd C. Miller <Todd.Miller () courtesan com> To: security-announce () openbsd org Subject: OpenBSD 3.0: Bug in rshd(8) and rexecd(8) Under certain conditions, on systems using YP with netgroups in the password database, it is possible for the rshd(8) and rexecd(8) daemons to execute the shell from a different user's password entry. Due to a similar problem, atrun(8) may change to the wrong home directory when running at(1) jobs. This only affects OpenBSD 3.0. Prior versions of OpenBSD are not affected. The following patch has been in the 3.0-stable branch for some time: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/016_approval.patch
Current thread:
- OpenBSD 3.0: Bug in rshd(8) and rexecd(8) (fwd) Jonas Eriksson (Apr 12)