Bugtraq mailing list archives

Re: -froot??? (AIX rlogin bug)

From: Derik.Jarne () osi com (Derik Jarne x353-2490)
Date: Mon, 1 Aug 94 10:24:47 PDT


The bug that is described here can easily be stopped by disabling login
for IBM machines. However, this makes telnet the only means to get into 
the desired machine.

I was looking at a sh script written by "dougmc () graphite comco com (Doug McLaren)"
it in essence grabs the offending parameters and logs the attempts with 
/usr/bin/logger. Nothing complex here but the process of inserting this script
into the loop of login process works but is complicated by the TSM
Terminal State Management.

I know this is not reporting a bug or describing a bug, but it falls into the
rhelm of how to fix a hole. I think TSM will do the security for us but I not sure 
how this TSM is setup and maintained, Does anyone have working knowledge of these 
process/processes? 

Thanks in advance

Derik.Jarne () osi com

Current thread:

Re: -froot??? (AIX rlogin bug) Bill Heiser (Aug 01)
- Re: -froot??? (AIX rlogin bug) irvdwijk () cs vu nl (Aug 01)
- SunOs bug G.J.W. Hagenaars (Aug 02)
- The things you can find with Mosaic Daniel R Ehrlich (Aug 02)
- vixie cron Jonathan M. Bresler (Aug 02)
  - Re: vixie cron Ollivier ROBERT (Aug 03)
- <Possible follow-ups>
- Re: -froot??? (AIX rlogin bug) DFRussell (Aug 01)
- Re: -froot??? (AIX rlogin bug) Derik Jarne x353-2490 (Aug 01)