The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x up to and including 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
netbsd netbsd 1.4 |
||
netbsd netbsd 1.4.1 |
||
netbsd netbsd 1.5 |
||
netbsd netbsd 1.5.1 |
||
netbsd netbsd 1.4.2 |
||
netbsd netbsd 1.4.3 |