Original issue date: October 26, 1989<BR>
Last revised: September 17, 1997<BR>
Attached copyright statement
<P>A complete revision history is at the end of this file.
<P>A problem has been discovered in the SunOS 4.0.x rcp. If exploited, this problem can allow users of other trusted machines to execute root-privilege commands on a Sun via rcp.
<P>This affects only SunOS 4.0.x systems; 3.5 systems are not affected.
<P>A Sun running 4.0.x rcp can be exploited by any other trusted host listed in /etc/hosts.equiv or /.rhosts. Note that the other machine exploiting this hole does not have to be running Unix; this vulnerability can be exploited by a PC running PC/NFS, for example.
<P>This bug will be fixed by Sun in version 4.1 (Sun Bug number 1017314), but for now the following workaround is suggested by Sun:
<P>Change the 'nobody' /etc/passwd file entry from
<PRE>
nobody:*:-2:-2::/:
</PRE>
to
<PRE>
nobody:*:32767:32767:Mismatched NFS ID's:/nonexistant:/nosuchshell
</PRE>
<P>If you need further information about this problem, please contact CERT/CC by electronic mail or phone.
<P>Copyright 1989 Carnegie Mellon University.</P>
<HR>
Revision History
<PRE>
September 17, 1997  Attached Copyright Statement
</PRE>
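<P>One way to audit hosts for the 'nobody' workaround described in this advisory and to list the hosts a machine trusts. This is an added example, not part of the original advisory or of Sun's tooling; the function names check_nobody and trusted_hosts and the sample files are constructed for illustration, and the expected field values are those of the two passwd entries shown in the workaround.

```shell
#!/bin/sh
# Added example: audit passwd files for the 'nobody' workaround.
# Expected field values are taken from the two entries in the advisory.

# check_nobody FILE -> prints missing | unpatched | workaround | partial: <fields>
check_nobody() {
    awk -F: '
        $1 == "nobody" {
            found = 1
            if ($3 == "-2" || $4 == "-2") { print "unpatched"; exit }
            diff = ""
            if ($3 != "32767")        diff = diff " uid=" $3
            if ($4 != "32767")        diff = diff " gid=" $4
            if ($6 != "/nonexistant") diff = diff " home=" $6
            if ($7 != "/nosuchshell") diff = diff " shell=" $7
            if (diff == "") print "workaround"; else print "partial:" diff
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# trusted_hosts FILE... -> first field of each non-comment line in
# hosts.equiv / .rhosts style files; unreadable files are skipped.
trusted_hosts() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk 'NF && $1 !~ /^#/ { print $1 }' "$f"
    done
}

# Constructed sample input (not from a real system).
demo=$(mktemp -d)
printf '%s\n' 'root:*:0:1:Operator:/:/bin/csh' 'nobody:*:-2:-2::/:' > "$demo/passwd.before"
printf '%s\n' "nobody:*:32767:32767:Mismatched NFS ID's:/nonexistant:/nosuchshell" > "$demo/passwd.after"
printf '%s\n' '# constructed' 'hosta.example' 'hostb.example alice' > "$demo/hosts.equiv"

echo "before: $(check_nobody "$demo/passwd.before")"
echo "after:  $(check_nobody "$demo/passwd.after")"
echo "hosts that this machine trusts:"
trusted_hosts "$demo/hosts.equiv"
rm -rf "$demo"
```

<P>On a live system, pass /etc/passwd to check_nobody and /etc/hosts.equiv and /.rhosts to trusted_hosts.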