textfiles/internet/CERT/cert0008.txt

-----BEGIN PGP SIGNED MESSAGE-----


CA-89:07
                                 CERT Advisory
                               October 26, 1989
                             Sun RCP vulnerability       
- -----------------------------------------------------------------------------

A problem has been discovered in the SunOS 4.0.x rcp.  If exploited,
this problem can allow users of other trusted machines to execute
root-privilege commands on a Sun via rcp.

This affects only SunOS 4.0.x systems; 3.5 systems are not affected.

A Sun running 4.0.x rcp can be exploited by any other trusted host
listed in /etc/hosts.equiv or /.rhosts.  Note that the other machine
exploiting this hole does not have to be running Unix; this
vulnerability can be exploited by a PC running PC/NFS, for example.

This bug will be fixed by Sun in version 4.1 (Sun Bug number 1017314),
but for now the following workaround is suggested by Sun:

Change the 'nobody' /etc/passwd file entry from

nobody:*:-2:-2::/:

to

nobody:*:32767:32767:Mismatched NFS ID's:/nonexistant:/nosuchshell


If you need further information about this problem, please contact
CERT by electronic mail or phone.

- -----------------------------------------------------------------------------
Computer Emergency Response Team (CERT)
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Internet: cert@cert.org
Telephone: 412-268-7090 24-hour hotline: CERT personnel answer
           7:30a.m.-6:00p.m. EST, on call for
           emergencies other hours.

Past advisories and other information are available for anonymous ftp
from cert.org (192.88.209.5).

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMaMwdHVP+x0t4w7BAQEBIgQAiCG7EKfDyc4uiFM7XLDu8QV07sgVLu/t
DZjjt8zURlBvjlkPf2NLdZr15w+DrtjHKFwbUPMEfy7k9K3CHOVi7o1CeTsBQPhD
JCQvzjGZ4RBHz7oC857qkecV45DAh1hgX5bYYZqDFFgqtDaIIMZ7bXuz9C+lky45
YVshgM88QO4=
=p0DR
-----END PGP SIGNATURE-----