[3999] in bugtraq
Re: Linux rcp bug
daemon@ATHENA.MIT.EDU (Miroslav Pikus)
Tue Feb 4 10:22:10 1997
Date: Tue, 4 Feb 1997 00:33:03 -0600
Reply-To: Miroslav Pikus <miro@CCWF.CC.UTEXAS.EDU>
From: Miroslav Pikus <miro@CCWF.CC.UTEXAS.EDU>
To: BUGTRAQ@netspace.org
In-Reply-To: <Pine.LNX.3.95.970204010727.10867G-100000@helix.cs.cuc.edu>
> Is 4.0 vulnerable or not? This didn't seem to make it clear.
Yes, try it. I have RH 4.0 installed, and it is vulnerable, if user nobody
has uid 65535. For instance this would apply to admins who upgraded to
RedHat 4.0 from some other older distribution and kept the original
/etc/passwd file, which I think is common.
Of course if you installed 4.0 from scratch on an empty hard drive, you
would have the default RedHat /etc/passwd, which has user nobody under uid
99.
In any case, I think /usr/bin/rcp should be fixed in RH 4.0.
Miro Pikus.
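
Added example, not part of the original post: a check of which uid the "nobody" account maps to in a passwd file, covering the two cases the message distinguishes (65535 carried over from an older /etc/passwd, 99 from the default RedHat file). The function name and the status labels it prints are assumptions made for this example.

```shell
# Report the uid of the first "nobody" entry in a passwd-format file.
# Prints one of: uid-65535, uid-99, other:<uid>, malformed, missing, unreadable.
# (Labels are invented for this example.)
nobody_uid_status() {
    passwd_file="${1:-/etc/passwd}"
    [ -r "$passwd_file" ] || { echo "unreadable"; return 2; }
    awk -F: '
        # Skip comments, NIS compat (+/-) lines and entries without 7 fields.
        /^[ \t]*#/ || /^[+-]/ || NF < 7 { next }
        # Only the first matching entry counts, as with a normal lookup.
        $1 == "nobody" && !seen {
            seen = 1
            if ($3 !~ /^[0-9]+$/)  print "malformed"
            else if ($3 == 65535)  print "uid-65535"   # condition named in the post
            else if ($3 == 99)     print "uid-99"      # default RedHat passwd per the post
            else                   print "other:" $3
        }
        END { if (!seen) print "missing" }
    ' "$passwd_file"
}

# Constructed sample (not from the post): an older passwd file kept across an upgrade.
sample=$(mktemp)
printf '%s\n' \
    'root:x:0:0:root:/root:/bin/bash' \
    'nobody:*:65535:65535:Nobody:/:/bin/false' > "$sample"
nobody_uid_status "$sample"
rm -f "$sample"
```

Run `nobody_uid_status` with no argument to check the live /etc/passwd.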