Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Linux rcp bug
From: miro () CCWF CC UTEXAS EDU (Miroslav Pikus)
Date: Tue, 4 Feb 1997 00:33:03 -0600

Is 4.0 vulnerable or not? This didn't seem to make it clear.

Yes, try it. I have RH 4.0 installed, and it is vulnerable, if user nobody
has uid 65535. For instance this would apply to admins who upgraded to
RedHat 4.0 from some other older distribution and kept the original
/etc/passwd file, which I think is common.

Of course if you installed 4.0 from scratch on an epmty hard drive, you
would have the default RedHat /etc/passwd, which has user nobody under uid

In any case, I think /usr/bin/rcp should be fixed in RH 4.0.

Miro Pikus.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]