[ Home | Liste | F.A.Q. | Risorse | Cerca... ]


[ Data: precedente | successivo | indice ] [ Argomento: precedente | successivo | indice ]


Archivio: openbsd@sikurezza.org
Soggetto: [Todd.Miller<at>courtesan.com: OpenBSD 3.0: Bug in rshd(8) and rexecd(8)]
Mittente: Igor Falcomata'
Data: 11 Apr 2002 23:29:04 -0000
----- Forwarded message from "Todd C. Miller" <Todd.Miller<at>courtesan.com> -----

To: security-announce<at>openbsd.org
Subject: OpenBSD 3.0: Bug in rshd(8) and rexecd(8)
Date: Thu, 11 Apr 2002 12:43:19 -0600
From: "Todd C. Miller" <Todd.Miller<at>courtesan.com>

Under certain conditions, on systems using YP with netgroups in the
password database, it is possible for the rshd(8) and rexecd(8)
daemons to execute the shell from a different user's password entry.
Due to a similar problem, atrun(8) may change to the wrong home
directory when running at(1) jobs.

This only affects OpenBSD 3.0.  Prior versions of OpenBSD are not
affected.  The following patch has been in the 3.0-stable branch
for some time:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/016_approval.patch

----- End forwarded message -----

________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List




[ Home | Liste | F.A.Q. | Risorse | Cerca... ]

www.sikurezza.org - Italian Security Mailing List
(c) 1999-2005