OpenBSD rexecd, rshd, atrun BSD Authentication Implementation Error Vulnerability

At least three OpenBSD userland utilities contain errors in their implementation of BSD authentication that may have security implications. Under certain circumstances, rexecd, rshd and atrun may use properties of a user other than the process owner. For example, rexecd may run with the shell of another user, and atrun may chdir() to another user's home directory. This may occur when YP/NIS is in use.

In some environments, this may be a security concern (for example, if restricted shells are set for certain users).


 

Copyright 2010, SecurityFocus