Bugtraq mailing list archives

Re: -froot??? (AIX rlogin bug)

From: drussell () gisws6 rtpnc epa gov (DFRussell)
Date: Mon, 1 Aug 1994 08:37:51 -0400


|ericw () fx com (Eric Wedaa) writes:
|
|> Someone over on the firewalls mailing list just threw out this tidbit:
|> 
|>    rlogin aix.machine -l -froot
|> 
|> For instance:
|>  
|>    rlogin foobar -l -froot
|> 
|> This gives you root access on any AIX 3.2.X machine.
|> 
|> Does anyone have any history on this trapdoor?  Apparently
|> it also existed in Linux several generations ago.
|> 
|
|That's a bit old, and I believe IBM has at least an "unofficial" fix for
|it now.  

This was patched quite some time ago...

The APAR # is IX44254 -- it is available through "fixdist" via
aix.boulder.ibm.com.

|I run some Linux systems, and I haven't seen the problem in any of the
|Linux 1.x releases.
|
|b
|--
|# Baba Z Buehler
|# Beckman Institute Systems Services, Urbana Illinois
|#
|#  "How come that big box of bright ideas you sent
|#   me is the one they say fell off the truck?"  -- Butch Hancock
|#
|# WWW: http://www.beckman.uiuc.edu/groups/biss/people/baba/
|# PGP Public Key available via finger baba () beckman uiuc edu
|

Current thread:

Re: -froot??? (AIX rlogin bug) Bill Heiser (Aug 01)
- Re: -froot??? (AIX rlogin bug) irvdwijk () cs vu nl (Aug 01)
- SunOs bug G.J.W. Hagenaars (Aug 02)
- The things you can find with Mosaic Daniel R Ehrlich (Aug 02)
- vixie cron Jonathan M. Bresler (Aug 02)
  - Re: vixie cron Ollivier ROBERT (Aug 03)
- <Possible follow-ups>
- Re: -froot??? (AIX rlogin bug) DFRussell (Aug 01)
- Re: -froot??? (AIX rlogin bug) Derik Jarne x353-2490 (Aug 01)