Users login

Create an account »


Users login

Home » Hacking News » OpenBSD 3.0: Bug in rshd(8) and rexecd(8)

OpenBSD 3.0: Bug in rshd(8) and rexecd(8)

by Nikola Strahija on April 12th, 2002 Under certain conditions, on systems using YP with netgroups in the password database, it is possible for the rshd(8) and rexecd(8) daemons to execute the shell from a different user's password entry. Due to a similar problem, atrun(8) may change to the wrong home directory when running at(1) jobs.

This only affects OpenBSD 3.0, prior versions are not affected.

Patch is available.

Vulnerability reported by

From the forum

The forums are now OPEN AGAIN!

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »