-----BEGIN PGP SIGNED MESSAGE----- CA-89:07 CERT Advisory October 26, 1989 Sun RCP vulnerability - ----------------------------------------------------------------------------- A problem has been discovered in the SunOS 4.0.x rcp. If exploited, this problem can allow users of other trusted machines to execute root-privilege commands on a Sun via rcp. This affects only SunOS 4.0.x systems; 3.5 systems are not affected. A Sun running 4.0.x rcp can be exploited by any other trusted host listed in /etc/hosts.equiv or /.rhosts. Note that the other machine exploiting this hole does not have to be running Unix; this vulnerability can be exploited by a PC running PC/NFS, for example. This bug will be fixed by Sun in version 4.1 (Sun Bug number 1017314), but for now the following workaround is suggested by Sun: Change the 'nobody' /etc/passwd file entry from nobody:*:-2:-2::/: to nobody:*:32767:32767:Mismatched NFS ID's:/nonexistant:/nosuchshell If you need further information about this problem, please contact CERT by electronic mail or phone. - ----------------------------------------------------------------------------- Computer Emergency Response Team (CERT) Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Internet: cert@cert.org Telephone: 412-268-7090 24-hour hotline: CERT personnel answer 7:30a.m.-6:00p.m. EST, on call for emergencies other hours. Past advisories and other information are available for anonymous ftp from cert.org (192.88.209.5). -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMaMwdHVP+x0t4w7BAQEBIgQAiCG7EKfDyc4uiFM7XLDu8QV07sgVLu/t DZjjt8zURlBvjlkPf2NLdZr15w+DrtjHKFwbUPMEfy7k9K3CHOVi7o1CeTsBQPhD JCQvzjGZ4RBHz7oC857qkecV45DAh1hgX5bYYZqDFFgqtDaIIMZ7bXuz9C+lky45 YVshgM88QO4= =p0DR -----END PGP SIGNATURE-----