- Issued:
- 2009-04-15
- Updated:
- 2009-09-02
RHBA-2009:0423 - rsh bug fix update
Synopsis
rsh bug fix update
Type/Severity
Bug Fix Advisory (none)
Topic
Updated rsh packages that resolve several issues are now available.
Description
The rsh-server package contains programs which allow users to run commands on remote machines, log in to other machines, copy files between machines (rsh, rlogin and rcp), and provides an alternate method of executing remote commands (rexec). All of these programs are run by xinetd and can be configured through the Pluggable Authentication Modules (PAM) system, and through configuration files in the /etc/xinetd.d/ directory.
These updated rsh packages provide fixes for the following bugs:
-
rsh did not set any of the environment variables listed in the /etc/security/pam_env.conf configuration file, and thus rsh users did not have access to that environment. With this update, rsh correctly reads and sets the environment variables listed in /etc/security/pam_env.conf, thus resolving the issue.
-
the rexec(1) man page stated that the maximum length of the username on the remote system was restricted to 16 characters. Internally, however, rexec limited the maximum username length to 14 characters. rexec's maximum username length has been increased to 16 characters, which corresponds to the value given in the manual page, and which resolves the issue.
-
when copying data to a full NFS directory, rcp failed silently and did not report an error, which led to silent data loss. With this update, rcp does report an error under this condition.
All users of rsh are advised to upgrade to these updated packages, which resolve these issues.
Solution
Before applying this update, make sure that all previously-released errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Power, big endian | 5 | ppc |
| Red Hat Enterprise Linux for IBM z Systems | 5 | s390x |
| Red Hat Enterprise Linux Workstation | 5 | x86_64 |
| Red Hat Enterprise Linux Workstation | 5 | i386 |
| Red Hat Enterprise Linux Server | 5 | x86_64 |
| Red Hat Enterprise Linux Server | 5 | ia64 |
| Red Hat Enterprise Linux Server | 5 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 5 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 5 | i386 |
| Red Hat Enterprise Linux Desktop | 5 | x86_64 |
| Red Hat Enterprise Linux Desktop | 5 | i386 |
Updated Packages
- rsh-0.17-40.el5.x86_64.rpm
- rsh-0.17-40.el5.ppc.rpm
- rsh-server-0.17-40.el5.x86_64.rpm
- rsh-server-0.17-40.el5.s390x.rpm
- rsh-server-0.17-40.el5.ppc.rpm
- rsh-0.17-40.el5.src.rpm
- rsh-server-0.17-40.el5.i386.rpm
- rsh-0.17-40.el5.i386.rpm
- rsh-server-0.17-40.el5.ia64.rpm
- rsh-0.17-40.el5.s390x.rpm
- rsh-0.17-40.el5.ia64.rpm
Fixes
- This content is not included.BZ - 434938
- This content is not included.BZ - 436748
- This content is not included.BZ - 461903
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.