Description
rcp on various Linux systems including Red Hat 4.0 allows a "nobody" user or other user with UID of 65535 to overwrite arbitrary files, since 65535 is interpreted as -1 by chown and other system calls, which causes the calls to fail to modify the ownership of the file.
Affected products
- RedHat / linux4.0 – 4.0
- slackware / slackware_linux3.1 – 3.1
References
- MAILING_LISThttp://marc.info/?l=bugtraq&m=87602167420509&w=2