SecurityTracker.com
Category:   OS (UNIX)  >   RSHD
Vendors:   OpenBSD
OpenBSD 'rshd' Remote Shell Daemon May Let Remote Users Execute Commands As a Different User
SecurityTracker Alert ID:  1004026
SecurityTracker URL:  http://securitytracker.com/id/1004026
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Apr 11 2002
Impact:   Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   OpenBSD reported a vulnerability in the rshd(8) remote shell daemon. A local or remote user may be able to execute shell commands with a different user's identity.

Under certain conditions and when a system uses YP with netgroups in the password database, it may be possible for a remote user to cause the rshd(8) and rexecd(8) daemons to execute the shell from a different user's password entry. [There is a separate alert for the rexecd vulnerability.]

This only affects OpenBSD 3.0. Prior versions of OpenBSD are reportedly not affected.

Impact:   A remote user may be able to cause the rshd(8) daemon to execute the shell from a different user's password entry.
Solution:   The following patch has been in the 3.0-stable branch for some time:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/016_approval.patch

Vendor URL:  www.openbsd.org/errata.html
Cause:   Access control error
Underlying OS:  UNIX (OpenBSD)
Underlying OS Comments:  3.0

Message History:   None.


Source Message Contents

Subject:  OpenBSD 3.0: Bug in rshd(8) and rexecd(8)


Under certain conditions, on systems using YP with netgroups in the
password database, it is possible for the rshd(8) and rexecd(8)
daemons to execute the shell from a different user's password entry.
Due to a similar problem, atrun(8) may change to the wrong home
directory when running at(1) jobs.

This only affects OpenBSD 3.0.  Prior versions of OpenBSD are not
affected.  The following patch has been in the 3.0-stable branch
for some time:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/016_approval.patch
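Neither the alert nor the OpenBSD message says how a daemon ends up holding another user's entry. The example below is added here and is not code from the advisory or from OpenBSD; it assumes the usual cause in this kind of code, a struct passwd pointer from getpwnam(3) kept across a later password-database lookup that refills libc's static buffer (which would also explain atrun's wrong pw_dir), and shows the hardened form that copies the record first, as OpenBSD's pw_dup(3) does. The account names root and nobody are assumed to exist on the host.

```c
/* Added example, not from the advisory or OpenBSD.  Assumed cause (not stated
 * in the advisory): getpwnam(3) returns a pointer into libc's static buffer,
 * and any later password-database lookup (YP/netgroup check, another getpwnam)
 * refills it, so a pointer kept across that call now describes the other user. */
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdlib.h>
#include <string.h>

/* Deep copy of the fields a daemon acts on; a stand-in for OpenBSD's pw_dup(3). */
struct passwd *pw_copy(const struct passwd *pw)
{
    struct passwd *c = calloc(1, sizeof *c);
    if (c == NULL) return NULL;
    c->pw_uid = pw->pw_uid; c->pw_gid = pw->pw_gid;
    c->pw_name = strdup(pw->pw_name);
    c->pw_dir = strdup(pw->pw_dir);
    c->pw_shell = strdup(pw->pw_shell);
    return c;
}

void pw_free(struct passwd *c)
{
    if (c) { free(c->pw_name); free(c->pw_dir); free(c->pw_shell); free(c); }
}

/* Vulnerable pattern: keep pw across another lookup.  Returns 1 if pw now
 * names "other" (the daemon would exec other's shell), 0 if unchanged,
 * -1 if either account is missing on this host. */
int stale_pointer_is_clobbered(const char *user, const char *other)
{
    if (getpwnam(user) == NULL || getpwnam(other) == NULL)
        return -1;
    struct passwd *pw = getpwnam(user);     /* points into the static buffer */
    (void)getpwnam(other);                  /* the later lookup refills it   */
    return strcmp(pw->pw_name, user) != 0;
}

/* Hardened pattern: copy, then look up.  Returns 1 if the copy still names
 * "user", -1 if "user" is missing. */
int copied_record_is_stable(const char *user, const char *other)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) return -1;
    struct passwd *mine = pw_copy(pw);
    (void)getpwnam(other);                  /* same refill, no longer matters */
    int ok = mine != NULL && strcmp(mine->pw_name, user) == 0;
    pw_free(mine);
    return ok;
}
```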

Copyright 2021, SecurityGlobal.net LLC