---------- Forwarded message ---------- Date: Thu, 11 Apr 2002 12:43:19 -0600 From: Todd C. Miller <Todd.Millerat_private> To: security-announceat_private Subject: OpenBSD 3.0: Bug in rshd(8) and rexecd(8) Under certain conditions, on systems using YP with netgroups in the password database, it is possible for the rshd(8) and rexecd(8) daemons to execute the shell from a different user's password entry. Due to a similar problem, atrun(8) may change to the wrong home directory when running at(1) jobs. This only affects OpenBSD 3.0. Prior versions of OpenBSD are not affected. The following patch has been in the 3.0-stable branch for some time: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/016_approval.patch
This archive was generated by hypermail 2b30 : Fri Apr 12 2002 - 11:26:55 PDT