[ SOURCE: http://www.secureroot.com/security/advisories/9640245427.html ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CA-89:07

Last revised: September 17, 1997
              Attached copyright statement

                              CERT Advisory
                             October 26, 1989
                          Sun RCP vulnerability

- -----------------------------------------------------------------------------

A problem has been discovered in the SunOS 4.0.x rcp. If exploited, this
problem can allow users of other trusted machines to execute root-privilege
commands on a Sun via rcp.

This affects only SunOS 4.0.x systems; 3.5 systems are not affected.

A Sun running 4.0.x rcp can be exploited by any other trusted host listed in
/etc/hosts.equiv or /.rhosts. Note that the other machine exploiting this hole
does not have to be running Unix; this vulnerability can be exploited by a PC
running PC/NFS, for example.

This bug will be fixed by Sun in version 4.1 (Sun Bug number 1017314), but for
now the following workaround is suggested by Sun:

Change the 'nobody' /etc/passwd file entry from

    nobody:*:-2:-2::/:

to

    nobody:*:32767:32767:Mismatched NFS ID's:/nonexistant:/nosuchshell

If you need further information about this problem, please contact CERT by
electronic mail or phone.

- -----------------------------------------------------------------------------
Computer Emergency Response Team (CERT)
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Internet: cert@cert.org
Telephone: 412-268-7090 24-hour hotline:
  CERT personnel answer 7:30 a.m.-6:00 p.m. EST, on call for emergencies
  other hours.

Past advisories and other information are available for anonymous ftp from
cert.org (192.88.209.5).

- --------------------------------------------------------------------------
Copyright 1989 Carnegie Mellon University. Conditions for use, disclaimers,
and sponsorship information can be found in
http://www.cert.org/legal_stuff.html and ftp://ftp.cert.org/pub/legal_stuff .
If you do not have FTP or web access, send mail to cert@cert.org with
"copyright" in the subject line.

CERT is registered in the U.S. Patent and Trademark Office.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Revision history

September 17, 1997  Attached Copyright Statement

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBOBS8sVr9kb5qlZHQEQIBzgCeO8NhNed0NofGn1uMIsoSQwt7ZFwAoIfw
6DjB6s7WANGWcepnc/xfTArM
=t8Bp
-----END PGP SIGNATURE-----
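A check for the 'nobody' workaround in the advisory above, written as an added example (not code from CERT or Sun): it parses a passwd file, reports whether the 'nobody' entry still has the vulnerable form, and rewrites that entry to the recommended one. The passwd fragment in SAMPLE is constructed for the demonstration.

```python
# Audit and repair the 'nobody' entry described in CERT CA-89:07 (added example).
# The two lines below are the vulnerable and recommended entries from the advisory.
VULNERABLE_NOBODY = "nobody:*:-2:-2::/:"
RECOMMENDED_NOBODY = "nobody:*:32767:32767:Mismatched NFS ID's:/nonexistant:/nosuchshell"


def parse_passwd(text):
    """Map user name -> the 7 passwd fields; blank and '#' lines are skipped."""
    entries = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError("line %d: expected 7 fields, got %d" % (n, len(fields)))
        entries[fields[0]] = fields
    return entries


def check_nobody(text):
    """Return findings for the 'nobody' entry; an empty list means the workaround holds."""
    entries = parse_passwd(text)
    if "nobody" not in entries:
        return ["no 'nobody' entry present"]
    _, pw, uid, gid, _, home, shell = entries["nobody"]
    findings = []
    if pw != "*":
        findings.append("password field is not '*'")
    for label, val in (("uid", uid), ("gid", gid)):
        # The advisory's vulnerable entry uses -2; flag any negative or non-numeric id.
        if not val.lstrip("-").isdigit() or int(val) < 0:
            findings.append("%s %r is negative or non-numeric" % (label, val))
    if home in ("", "/"):
        findings.append("home directory field is empty or '/'")
    if shell == "":
        findings.append("empty shell field leaves 'nobody' with a default shell")
    return findings


def apply_workaround(text):
    """Return passwd text with the 'nobody' line replaced by the advisory's entry."""
    out, replaced = [], False
    for line in text.splitlines():
        if line.split(":")[0] == "nobody":
            line, replaced = RECOMMENDED_NOBODY, True
        out.append(line)
    if not replaced:
        out.append(RECOMMENDED_NOBODY)
    return "\n".join(out) + "\n"


# Constructed sample /etc/passwd fragment with the vulnerable 'nobody' entry.
SAMPLE = "root:*:0:1:Operator:/:/bin/csh\n" + VULNERABLE_NOBODY + "\ndaemon:*:1:1::/:\n"

if __name__ == "__main__":
    for f in check_nobody(SAMPLE):
        print("finding:", f)
    print(apply_workaround(SAMPLE), end="")
```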