Bugtraq mailing list archives
Insta-root via bsd-ish rlogind (Re: Security hole in AIX rlogin)
From: Richard.Johnson () colorado edu (Richard Johnson)
Date: Sat, 21 May 1994 13:59:52 -0600
IBM's emergency patch for the rlogin <host> -l -f... password check disable problem is available as: ftp://software.watson.ibm.com/pub/rlogin/rlogin.tar.Z Note that this hole is supposedly present in many bsd-ish systems. My HP/UX (9.0) and SunOs (4.1.{2|3} & 5.3) systems are OK, but my hp-bsd systems appear to allow a -f. Your mileage may vary. Here's the first part of IBM's readme:
APAR IX44254 -- rlogin security hole This document describes how to apply the emergency patch for APAR IX44254. This emergency patch is not the permanent solution to this problem, it merely provides a means to restore rlogin functionality in a more secure manner. ...
Richard
Current thread:
- Fun! (fwd) Pug (May 21)
- Insta-root via bsd-ish rlogind (Re: Security hole in AIX rlogin) Richard Johnson (May 21)
- rlogind on Pyramid systems. Paul Daw (May 21)