rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows local attackers to gain privileges by specifying an alternate Trojan horse script on the command line.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Bsd_os | Bsdi | 3.0 | 3.0 |
Bsd_os | Bsdi | 3.1 | 3.1 |
Bsd_os | Bsdi | 4.0 | 4.0 |
Bsd_os | Bsdi | 4.0.1 | 4.0.1 |