rcvtty Arbitrary Command Execution Vulnerability

rcvtty is a component of the unix NH mail system. The version of rcvtty for BSD/OS systems is known to contain a vulnerability that may allow local users to elevate their privileges.

The problem occurs in the ability of rcvtty to execute programs on the system without first dropping SGID priviledges. A shell script run through rcvtty would result in the contents of the shell script being executed with a SGID of tty. This creates the potential for a malicious user to gain elevated system priviledges.


Privacy Statement
Copyright 2010, SecurityFocus