
CA-89:07
CERT Advisory
October 26, 1989
Sun RCP vulnerability
-----------------------------------------------------------------------------

A problem has been discovered in the SunOS 4.0.x rcp. If exploited,
this problem can allow users of other trusted machines to execute
root-privilege commands on a Sun via rcp.

This affects only SunOS 4.0.x systems; 3.5 systems are not affected.

A Sun running 4.0.x rcp can be exploited by any other trusted host
listed in /etc/hosts.equiv or /.rhosts. Note that the other machine
exploiting this hole does not have to be running Unix; this
vulnerability can be exploited by a PC running PC/NFS, for example.

This bug will be fixed by Sun in version 4.1 (Sun Bug number 1017314),
but for now the following workaround is suggested by Sun:

Change the 'nobody' /etc/passwd file entry from

        nobody:*:-2:-2::/:

to

        nobody:*:32767:32767:Mismatched NFS ID's:/nonexistant:/nosuchshell

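One way to confirm the workaround on a host, as an added example that is not part of the CERT advisory or Sun's fix: a shell function that classifies the 'nobody' entry of a passwd-format file using only the two entries quoted above. The function name and the status words are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): audit the 'nobody' passwd entry
# against the CA-89:07 workaround. Reads the named file, or stdin if no
# file is given. check_nobody_entry and its status words are hypothetical.
#
# Prints one status word:
#   missing     no 'nobody' entry found
#   unpatched   uid or gid is still -2, the entry the advisory says to change
#   workaround  uid, gid, home and shell all match the advised replacement
#   other       some other value; the advisory does not cover it, review by hand
check_nobody_entry() {
    awk -F: '
        $1 == "nobody" {
            found = 1
            if ($3 == "-2" || $4 == "-2")
                status = "unpatched"
            else if ($3 == "32767" && $4 == "32767" &&
                     $6 == "/nonexistant" && $7 == "/nosuchshell")
                status = "workaround"
            else
                status = "other"
            exit            # first match wins, as in passwd lookups
        }
        END { print (found ? status : "missing") }
    ' "$@"
}

# Constructed samples: the root line is invented for illustration; the
# nobody lines are the two entries quoted in the advisory.
printf 'before: '
check_nobody_entry <<'EOF'
root:*:0:1:Operator:/:/bin/csh
nobody:*:-2:-2::/:
EOF

printf 'after:  '
check_nobody_entry <<'EOF'
root:*:0:1:Operator:/:/bin/csh
nobody:*:32767:32767:Mismatched NFS ID's:/nonexistant:/nosuchshell
EOF
```

On a live system the call is `check_nobody_entry /etc/passwd`; a result of `other` means the entry matches neither form shown in the advisory and needs manual review.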
If you need further information about this problem, please contact
CERT by electronic mail or phone.

-----------------------------------------------------------------------------
J. Paul Holbrook
Computer Emergency Response Team (CERT)
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Internet:  cert@cert.sei.cmu.edu
Telephone: 412-268-7090 24-hour hotline: CERT personnel answer
           7:30a.m.-6:00p.m. EST, on call for
           emergencies other hours.

Past advisories and other information are available for anonymous ftp
from cert.sei.cmu.edu (192.88.209.5).