|
CERT Advisory #11
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
CERT Advisory
October 26, 1989
Sun RCP vulnerability
A problem has been discovered in the SunOS 4.0.x rcp. If exploited,
this problem can allow users of other trusted machines to execute
root-privilege commands on a Sun via rcp.
This affects only SunOS 4.0.x systems; 3.5 systems are not affected.
A Sun running 4.0.x rcp can be exploited by any other trusted host
listed in /etc/hosts.equiv or /.rhosts. Note that the other machine
exploiting this hole does not have to be running Unix; this
vulnerability can be exploited by a PC running PC/NFS, for example.
This bug will be fixed by Sun in version 4.1 (Sun Bug number 1017314),
but for now the following workaround is suggested by Sun:
Change the 'nobody' /etc/passwd file entry from
nobody:*:-2:-2::/:
to
nobody:*:32767:32767:Mismatched NFS ID's:/nonexistant:/nosuchshell
If you need further information about this problem, please contact
CERT by electronic mail or phone.
J. Paul Holbrook
Computer Emergency Response Team (CERT)
Carnegie Mellon University
Software Engineering Institute
Internet: <[email protected]>
(412) 268-7090 (24 hour hotline)
|
|