rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Next | Next | 2.0 (including) | 2.0 (including) |
| Next | Next | 2.1 (including) | 2.1 (including) |
| Irix | Sgi | 3.3 (including) | 3.3 (including) |
| Irix | Sgi | 3.3.1 (including) | 3.3.1 (including) |
| Irix | Sgi | 3.3.2 (including) | 3.3.2 (including) |
| Irix | Sgi | 3.3.3 (including) | 3.3.3 (including) |
| Irix | Sgi | 4.0 (including) | 4.0 (including) |
References
- http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html
- http://www.cert.org/advisories/CA-91.20.rdist.vulnerability
- http://www.iss.net/security_center/static/7160.php
- http://www.osvdb.org/8106
- http://www.securityfocus.com/bid/31
- http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html
- http://www.cert.org/advisories/CA-91.20.rdist.vulnerability
- http://www.iss.net/security_center/static/7160.php
- http://www.osvdb.org/8106
- http://www.securityfocus.com/bid/31