Pages in the Historical section of this site are provided for historical purposes, they are no longer maintained. Links may not work.

Original issue date: October 26, 1989
Last revised: September 17, 1997
Attached copyright statement

A complete revision history is at the end of this file.

A problem has been discovered in the SunOS 4.0.x rcp. If exploited, this problem can allow users of other trusted machines to execute root-privilege commands on a Sun via rcp.

This affects only SunOS 4.0.x systems; 3.5 systems are not affected.

A Sun running 4.0.x rcp can be exploited by any other trusted host listed in /etc/hosts.equiv or /.rhosts. Note that the other machine exploiting this hole does not have to be running Unix; this
vulnerability can be exploited by a PC running PC/NFS, for example.

This bug will be fixed by Sun in version 4.1 (Sun Bug number 1017314), but for now the following workaround is suggested by Sun:

Change the 'nobody' /etc/passwd file entry from

nobody:*:-2:-2::/:
to
nobody:*:32767:32767:Mismatched NFS ID's:/nonexistant:/nosuchshell
If you need further information about this problem, please contact CERT/CC by electronic mail or phone.

Copyright 1989 Carnegie Mellon University.


Revision History
September 17,1997  Attached Copyright Statement
  • No labels