Description
rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows local attackers to gain privileges by specifying an alternate Trojan horse script on the command line.
Affected products
- bsdi / bsd_os3.0 – 3.0
- bsdi / bsd_os3.1 – 3.1
- bsdi / bsd_os4.0 – 4.0
- bsdi / bsd_os4.0.1 – 4.0.1