AT&T TCP/IP /usr/etc/rexecd Vulnerability

A vulnerability has been identified in AT&T TCP/IP Release
4.0 running on SVR4 systems, on both the 386/486 and
3B2 RISC platforms, that may allow root privileges to be
obtained through /usr/etc/rexecd.

A user on a remote machine may be able to run commands
as root on the target host (the host running the affected
/usr/etc/rexecd).

The problem does not exist in TCP/IP release 3.2 for SVR3,
or any earlier versions of the TCP/IP product running on
either the 3B2 or 386 platforms.

The version of TCP/IP distributed with SVR4 by UNIX(r)
System Laboratories, Inc. (a subsidiary of AT&T) does not
contain this vulnerability.


 

Copyright 2010, SecurityFocus