Bugtraq mailing list archives
Re: AIX rlogind
From: mrgreen () mame mu oz au (matthew green)
Date: Sat, 04 Jun 1994 14:27:20 +1000
: I've just checked DEC OSF/1 V2.0. This seems to be partially ok. The -froot : method won't work (I get complaints about -r, -o, and -t being unknown options : which implies its -f option doesn't take an argument). However the -h trick is : still available (but is obviously less severe). I'm not sure it is less severe. Can't it be used for host spoofing when using rlogin - just set up a user of the appropriate name on your own host and rlogin -l -htrusted.host ??? (I haven't been able to test this yet because I don't have any untrusted hosts handy that can get through the log_tcp blocking!)
i believe it is only able to fool utmp/wtmp type things. using the ``-l -htrusted.host'' hack trashes the -remote- username you would normally pass. i may be wrong.
Current thread:
- Re: AIX rlogind Graham Toal (Jun 03)
- Re: AIX rlogind matthew green (Jun 03)