Bugtraq mailing list archives
Re: rlogin can be used to change finger information
From: casper () Holland Sun COM (Casper Dik)
Date: Fri, 02 Jun 1995 14:20:26 +0200
The recent note about hiding from finger reminded me of a problem with rlogin on some systems (not SunOS 4 or Solaris 2 it seems). When the -l -froot flaw was noticed I quickly realised that whilst few systems suffered from -froot, more suffered from -hhostname (including OSF/1 V3.0, Concentrix 3.0.00).
This is a flaw common to systems that have rlogind do the authentication. Sun systems use the older method of letting login handle the rlogin protocol. If rlogind handles the protocol, the username argument gets passed on the command line. If login handles the protocol, the username can take any shape or form but will only be handled as username.
On such systems an 'rlogin machine -l -hhostname' will write 'hostname' to the last log information rather than your real hostname. This shouldn't pose problems to those using the tcp wrappers though (I prefer these to wtmp anyway as the fields in wtmp are just too short).
Some systems have 256 bytes wtmp entries, that's enough for most hostnames.

Casper
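
The command-line handling described in the message, as an added example that is not part of the original post and not code from any real rlogind or login: a simplified model of a login-style option parser, with a daemon that appends the client-supplied name directly next to one that rejects a leading '-' and ends the options with "--". The function names, the struct and the sample host name are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of a login-style option parser (assumption, not real login source). */
struct login_args { const char *host; const char *user; };

static struct login_args parse_login_argv(int argc, char *const argv[]) {
    struct login_args out = { NULL, NULL };
    int i = 1;
    for (; i < argc; i++) {
        const char *a = argv[i];
        if (strcmp(a, "--") == 0) { i++; break; }   /* explicit end of options */
        if (a[0] != '-' || a[1] == '\0') break;     /* first non-option word */
        if (a[1] == 'h')                            /* -hHOST or -h HOST; last one wins */
            out.host = a[2] ? a + 2 : (i + 1 < argc ? argv[++i] : NULL);
    }
    if (i < argc) out.user = argv[i];
    return out;
}

/* Flawed daemon: the client-supplied name goes straight onto the command line. */
static struct login_args daemon_exec_flawed(const char *peer, const char *remote_user) {
    char *argv[] = { "login", "-h", (char *)peer, (char *)remote_user, NULL };
    return parse_login_argv(4, argv);
}

/* Hardened daemon: refuse names that look like options, and end options with "--". */
static int daemon_exec_hardened(const char *peer, const char *remote_user,
                                struct login_args *out) {
    if (remote_user[0] == '\0' || remote_user[0] == '-') return -1;
    char *argv[] = { "login", "-h", (char *)peer, "--", (char *)remote_user, NULL };
    *out = parse_login_argv(5, argv);
    return 0;
}

int main(void) {
    const char *peer = "real.example.org";          /* constructed sample value */
    struct login_args bad = daemon_exec_flawed(peer, "-hhostname");
    printf("flawed:   host=%s user=%s\n", bad.host, bad.user ? bad.user : "(none)");
    struct login_args ok;
    if (daemon_exec_hardened(peer, "-hhostname", &ok) != 0)
        puts("hardened: rejected name beginning with '-'");
    if (daemon_exec_hardened(peer, "alice", &ok) == 0)
        printf("hardened: host=%s user=%s\n", ok.host, ok.user);
    return 0;
}
```

In the flawed path the recorded host becomes the client's string and no user name is left over; in the hardened path the host stays the one the daemon obtained for the peer.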