BSD systems using YP with netgroups in the password database

bsd-yp-execute-shell (8625) The risk level is classified as Medium Risk


A vulnerability caused by implementation errors in OpenBSD when using YP (the "Yellow Pages" network information system) with netgroups in the password database could allow some processes to gain unauthorized privileges. Processes such as rexecd and rshd could execute another user's shell, and atrun could change to another user's home directory when running 'at(1)' jobs.


Gain Privileges


Apply the latest patches for rshd, rexecd, and atrun, as listed in OpenBSD Security Advisory, March 19, 2002. See References.


  • OpenBSD Security Advisory, March 19, 2002: 016: SECURITY FIX: March 19, 2002.
  • BID-4338: OpenBSD rexecd, rshd, atrun BSD Authentication Implementation Error Vulnerability
  • CVE-2002-0557: Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, possibly due to memory allocation failures or an incorrect call to auth_approval().
  • OSVDB ID: 59557: OpenBSD YP w/ netgroups Cross-user Privilege Escalation

Platforms Affected:

  • OpenBSD OpenBSD 3.0


Mar 19, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@us.ibm.com
