Bugtraq mailing list archives

Re: login -h

From: adam () bwh harvard edu (Adam Shostack)
Date: Thu, 8 Dec 94 9:54:09 EST


You wrote:

| >>>>> "EA" == Ed Arnold <era () ucar edu> writes:
| 
|   EA> James Bonfield wrote:
|   >> A typical spoof would be:
|   >> 
|   >> rlogin targethost -l -htargethost
|   >> 
|   >> Then type in the user and password. It'll then appear to last, who and
|   >> probably finger, on targethost that the user has logged in from that
|   >> system, not from remotely.

|   EA> Both 4.1.3_U1 and AIX 3.2.5 appear to be safe ...
| 
| But not on AIX 3.2.4, on this system this Trick does its work.

        Try the -f abuse on that 3.2.4 system.  I seem to remember IBM
fixing -h at the same time as -f.  I think the syntax was rlogin -l
-froot hostname 

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume

Current thread:

login -h Bonfield James (Dec 07)
- Re: login -h Alexander Haiut (Dec 08)
- <Possible follow-ups>
- Re: login -h Pete Hartman (Dec 07)
  - Re: login -h Casper Dik (Dec 07)
- Re: login -h Ed Arnold (Dec 07)
  - Re: login -h Bogdan Pelc (Dec 08)
    - Re: login -h Adam Shostack (Dec 08)
- Re: login -h Michael Bresnahan (Dec 07)
  - Re: login -h Robert M. Haas (Dec 08)
- Re: login -h H Morrow Long (Dec 08)
- Re: login -h der Mouse (Dec 08)