rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows local malicious users to gain privileges by specifying an alternate Trojan horse script on the command line.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bsdi bsd os 4.0.1 |
||
bsdi bsd os 3.0 |
||
bsdi bsd os 3.1 |
||
bsdi bsd os 4.0 |