Bugtraq mailing list archives

Re: -froot??? (AIX rlogin bug)

From: irvdwijk () cs vu nl (irvdwijk () cs vu nl)
Date: Mon, 1 Aug 1994 21:16:19 +0200 (MET DST)


Someone wrote:



Baba Z Buehler wrote this:


I run some Linux systems, and I haven't seen the problem in any of the
Linux 1.x releases.

I have access to several linux systems, and almost everyone had problems
(when the bug ws first reported)


Note that "Linux 1.x" refers to the KERNEL patchlevel ... and I doubt
this has much, if any, effect on the behavior of the RLOGIN daemon.

It has nothing to do with the kernel release, it's a bug in login  (at 
least, that's what I think, login should not accept -fusername without a 
space in between). You could also see it as a bug in programs that execve 
login without checking for a username starting with a '-'

People running LINUX will need to check their particular
DISTRIBUTION (i.e. Slackware, Debian, SLS, etc) for any bug 
they want to investigate.


I haven't really checked, but I heard that the latest Slackware was distributed
with the buggy, extremely insecure vixie cron (of course, together with 
thousands of other security holes in the distribution)

Re: this particular probelm (rlogin) .. I have been unable to reproduce
it in Slackware 1.2 systems.


Don't forget that this bug is also in telnetd and getty! (And perhaps even more,
these are the only ones I know of). I don't know if AIX has problems
with getty/telnetd (those bugs are fixed at the AIX machine I have access
to), but linux sure has. For example, 
- Try at the console to login as '-froot'
  (or another user, but if -froot doesn't work, the rest doesn't probably 
  either)
- try:
  $ USER=root
  $ export USER
  $ telnet target -a # automatic login
  (it could also be -l login, or both...)
  Of course, your telnet client should support the -a/-l switch (linux' telnet 
  does)

Also, if -froot doesn't work on your site, check if -fanotherexistingusername
works, root logins are usually denied from ttyp*



-- 
Bill Heiser   @Work heiser () ed ray com  + + + +  @Home: bill () bhhome ci net



        Ivo
-- 
------------------------------------------------------------------------
Name:     Ivo van der Wijk  | It won't give up it wants me dead
Internet: irvdwijk () cs vu nl | this goddamn noise inside my head
IRC:      VladDrac          |                                |\|||/| 
URL:      http://www.hut.nl/users/ivo
------------------------------------------------------------------------

Current thread:

Re: -froot??? (AIX rlogin bug) Bill Heiser (Aug 01)
- Re: -froot??? (AIX rlogin bug) irvdwijk () cs vu nl (Aug 01)
- SunOs bug G.J.W. Hagenaars (Aug 02)
- The things you can find with Mosaic Daniel R Ehrlich (Aug 02)
- vixie cron Jonathan M. Bresler (Aug 02)
  - Re: vixie cron Ollivier ROBERT (Aug 03)
- <Possible follow-ups>
- Re: -froot??? (AIX rlogin bug) DFRussell (Aug 01)
- Re: -froot??? (AIX rlogin bug) Derik Jarne x353-2490 (Aug 01)