The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Netbsd | Netbsd | 1.4 | 1.4 |
Netbsd | Netbsd | 1.4.1 | 1.4.1 |
Netbsd | Netbsd | 1.4.2 | 1.4.2 |
Netbsd | Netbsd | 1.4.3 | 1.4.3 |
Netbsd | Netbsd | 1.5 | 1.5 |
Netbsd | Netbsd | 1.5.1 | 1.5.1 |