The BuildDisk program is a utility used on NeXT systems to manage disk partitions. However, before version 2.0, the program would not prompt users for the root password, allowing local users to gain root privileges.
The BuildDisk program is a utility used on NeXT systems to manage disk partitions. However, before version 2.0, the program would not prompt users for the root password, allowing local users to gain root privileges.
You're affected if you use BuildDisk versions prior to 2.0 on NeXT systems. To check if your system is affected, run the command which builddisk in your terminal. If the command exists but doesn't have execute permissions, you might be affected.
To fix this vulnerability, upgrade to BuildDisk version 2.0 or later. Alternatively, as a temporary measure, set the rootpw variable to an empty string before running the program: export rootpw="" && builddisk.