Last revised: September 17, 1997
Attached copyright statement
A complete revision history is at the end of this file.
A problem has been discovered in the SunOS 4.0.x rcp. If exploited, this problem can allow users of other trusted machines to execute root-privilege commands on a Sun via rcp.
This affects only SunOS 4.0.x systems; 3.5 systems are not affected.
A Sun running 4.0.x rcp can be exploited by any other trusted host
listed in /etc/hosts.equiv or /.rhosts. Note that the other machine
exploiting this hole does not have to be running Unix; this
vulnerability can be exploited by a PC running PC/NFS, for example.
This bug will be fixed by Sun in version 4.1 (Sun Bug number 1017314), but for now the following workaround is suggested by Sun:
Change the 'nobody' /etc/passwd file entry from
nobody:*:-2:-2::/:to
nobody:*:32767:32767:Mismatched NFS ID's:/nonexistant:/nosuchshellIf you need further information about this problem, please contact CERT/CC by electronic mail or phone.
Copyright 1989 Carnegie Mellon University.
Revision History
September 17,1997 Attached Copyright Statement