Issue:
Dump can be manipulated by an attacker through the RSH environment variable, which is used to specify the shell binary to be used for remote backups. By manipulating this variable and invoking Dump via rundump, an attacker can execute arbitrary code with root privileges.
Fix:
Filter the RSH environment setting before it is passed to the DUMP program.
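One way to implement the filtering described in the fix, as an added example (not code from the original note or from the dump/rundump sources): a privileged wrapper builds a copy of its environment with every RSH entry dropped before it executes dump. The names `filter_env`, `is_denied` and `env_count`, and the sample environment, are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Variables never forwarded to dump; RSH is the one the note names. */
static const char *const DENY[] = { "RSH", NULL };

/* Return 1 if a "NAME=value" entry names a denied variable (exact name match). */
static int is_denied(const char *entry)
{
    const char *eq = strchr(entry, '=');
    size_t len = eq ? (size_t)(eq - entry) : strlen(entry);
    for (size_t i = 0; DENY[i] != NULL; i++)
        if (strlen(DENY[i]) == len && strncmp(entry, DENY[i], len) == 0)
            return 1;
    return 0;
}

/* Number of entries in a NULL-terminated environment block. */
size_t env_count(char *const envp[])
{
    size_t n = 0;
    while (envp[n] != NULL) n++;
    return n;
}

/* Copy envp without denied variables. Every occurrence is dropped, because an
 * environment block may carry duplicates. Returns NULL on allocation failure. */
char **filter_env(char *const envp[])
{
    size_t kept = 0;
    char **out = malloc((env_count(envp) + 1) * sizeof(*out));
    if (out == NULL) return NULL;
    for (size_t i = 0; envp[i] != NULL; i++)
        if (!is_denied(envp[i])) out[kept++] = envp[i];
    out[kept] = NULL;
    return out;
}

int main(void)
{
    /* Constructed sample environment, not taken from a real system. */
    char *sample[] = { "PATH=/usr/bin", "RSH=/untrusted/a", "RSHELL=kept", "RSH=/untrusted/b", NULL };
    char **clean = filter_env(sample);
    if (clean == NULL) return 1;
    for (size_t i = 0; clean[i] != NULL; i++) puts(clean[i]);
    free(clean);
    return 0;
}
```

A wrapper would pass the returned array as the third argument to `execve()` and refuse to run dump when `filter_env()` returns NULL.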