Author: JT Smith
From LinuxSecurity.com: “The dump(8) command (installed as /sbin/dump) and the dump_lfs(8)
command (installed as /sbin/dump_lfs) are setgid tty. dump(8) and
dump_lfs(8) did not drop those setgid tty rights while performing
functions other than those the rights were provided for, including
execution of a user supplied RCMD_CMD environment variable.”
command (installed as /sbin/dump_lfs) are setgid tty. dump(8) and
dump_lfs(8) did not drop those setgid tty rights while performing
functions other than those the rights were provided for, including
execution of a user supplied RCMD_CMD environment variable.”
Category:
- Linux
