Original issue date: October 26, 1989<BR>
Last revised: September 17, 1997<BR>
Attached copyright statement

<P>A complete revision history is at the end of this file.

<P>A problem has been discovered in the SunOS 4.0.x rcp.  If exploited,
this problem can allow users of other trusted machines to execute
root-privilege commands on a Sun via rcp.

<P>This affects only SunOS 4.0.x systems; 3.5 systems are not affected.

<P>A Sun running 4.0.x rcp can be exploited by any other trusted host
listed in /etc/hosts.equiv or /.rhosts.  Note that the other machine
exploiting this hole does not have to be running Unix; this<BR>
vulnerability can be exploited by a PC running PC/NFS, for example.

<P>This bug will be fixed by Sun in version 4.1 (Sun Bug number 1017314),
but for now the following workaround is suggested by Sun:

<P>Change the 'nobody' /etc/passwd file entry from
<PRE>
nobody:*:-2:-2::/:
</PRE>
to
<PRE>
nobody:*:32767:32767:Mismatched NFS ID's:/nonexistant:/nosuchshell
</PRE>

If you need further information about this problem, please contact CERT/CC by
electronic mail or phone.

<!--#include virtual="/include/footer_nocopyright.html" -->
<P>Copyright 1989 Carnegie Mellon University.</P>

<HR>

Revision History
<PRE>
September 17,1997  Attached Copyright Statement
</PRE>