OpenBSD: 'rshd/rexecd' Unauthorized access
Posted by LinuxSecurity.com Team   
OpenBSD Under certain conditions, on systems using YP with netgroups in thepassword database, it is possible for the rshd(8) and rexecd(8)daemons to execute the shell from a different user's password entry.

Date: Thu, 11 Apr 2002 12:43:19 -0600
From: Todd C. Miller <Todd.Miller@courtesan.com>
To: security-announce@openbsd.org
Subject: OpenBSD 3.0: Bug in rshd(8) and rexecd(8)

Under certain conditions, on systems using YP with netgroups in the
password database, it is possible for the rshd(8) and rexecd(8)
daemons to execute the shell from a different user's password entry.
Due to a similar problem, atrun(8) may change to the wrong home
directory when running at(1) jobs.

This only affects OpenBSD 3.0.  Prior versions of OpenBSD are not
affected.  The following patch has been in the 3.0-stable branch
for some time:
     ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/016_approval.patch