August 23, 2001

NetBSD: dump and dump_lfs vulnerability

Author: JT Smith

From "The dump(8) command (installed as /sbin/dump) and the dump_lfs(8)
command (installed as /sbin/dump_lfs) are setgid tty. dump(8) and
dump_lfs(8) did not drop those setgid tty rights while performing
functions other than those the rights were provided for, including
execution of a user supplied RCMD_CMD environment variable."


  • Linux
Click Here!