PT-2002-1607 · Openbsd · Openbsd

Published: 2002-06-11 · Updated: 2008-09-05 · CVE-2002-0557

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: OpenBSD version 3.0

Description: When YP is used with netgroups in the password database, (1) rexec or (2) rsh can run another user's shell, or (3) atrun can change to a different user's directory, which can lead to unauthorized access. The cause might be related to memory allocation failures or an incorrect call to auth_approval().

Recommendations: For OpenBSD version 3.0, consider restricting the use of YP with netgroups in the password database until a fix is available. As a temporary workaround, limit the use of rexec, rsh, and atrun to minimize the risk of exploitation.


Related identifiers

CVE-2002-0557

Affected products

Openbsd