Child pages
  • CERT Advisory CA-1989-07 Sun RCP vulnerability

Pages in the Historical section of this site are provided for historical purposes, they are no longer maintained. Links may not work.

Skip to end of metadata
Go to start of metadata
Original issue date: October 26, 1989
Last revised: September 17, 1997
Attached copyright statement

A complete revision history is at the end of this file.

A problem has been discovered in the SunOS 4.0.x rcp. If exploited, this problem can allow users of other trusted machines to execute root-privilege commands on a Sun via rcp.

This affects only SunOS 4.0.x systems; 3.5 systems are not affected.

A Sun running 4.0.x rcp can be exploited by any other trusted host listed in /etc/hosts.equiv or /.rhosts. Note that the other machine exploiting this hole does not have to be running Unix; this
vulnerability can be exploited by a PC running PC/NFS, for example.

This bug will be fixed by Sun in version 4.1 (Sun Bug number 1017314), but for now the following workaround is suggested by Sun:

Change the 'nobody' /etc/passwd file entry from

nobody:*:-2:-2::/:
to
nobody:*:32767:32767:Mismatched NFS ID's:/nonexistant:/nosuchshell
If you need further information about this problem, please contact CERT/CC by electronic mail or phone.

Copyright 1989 Carnegie Mellon University.


Revision History
September 17,1997  Attached Copyright Statement
  • No labels