rcvtty Arbitrary Command Execution Vulnerability
BID:2009
Info
rcvtty Arbitrary Command Execution Vulnerability
| Bugtraq ID: | 2009 |
| Class: | Input Validation Error |
| CVE: |
CVE-2000-1103 |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 27 2000 12:00AM |
| Updated: | Jul 11 2009 03:56AM |
| Credit: | This vulnerability was first posted to BugTraq by Vade79 <[email protected]> on November 27, 2000. |
| Vulnerable: |
BSDI BSD/OS 4.0.1 BSDI BSD/OS 4.0 BSDI BSD/OS 3.1 BSDI BSD/OS 3.0 |
| Not Vulnerable: | |
Discussion
rcvtty Arbitrary Command Execution Vulnerability
rcvtty is a component of the unix NH mail system. The version of rcvtty for BSD/OS systems is known to contain a vulnerability that may allow local users to elevate their privileges.
The problem occurs in the ability of rcvtty to execute programs on the system without first dropping SGID priviledges. A shell script run through rcvtty would result in the contents of the shell script being executed with a SGID of tty. This creates the potential for a malicious user to gain elevated system priviledges.
rcvtty is a component of the unix NH mail system. The version of rcvtty for BSD/OS systems is known to contain a vulnerability that may allow local users to elevate their privileges.
The problem occurs in the ability of rcvtty to execute programs on the system without first dropping SGID priviledges. A shell script run through rcvtty would result in the contents of the shell script being executed with a SGID of tty. This creates the potential for a malicious user to gain elevated system priviledges.
Exploit / POC
rcvtty Arbitrary Command Execution Vulnerability
exploit available
exploit available
References
rcvtty Arbitrary Command Execution Vulnerability
References:
References: