Bugtraq mailing list archives

Re: [linux-security] sliplogin (fwd)

From: nate () mt sri com (Nate Williams)
Date: Tue, 16 Jul 1996 19:27:12 -0500


[ Linux sliplogin bug ]

Interesting.  The code is the same on FreeBSD, it looks like.  However, on
the default distributed system, there isn't a /etc/sliphome directory,
which is necessary for sliplogin to startup correctly.  Therefore the
standard FreeBSD distribution dies out before it gets anywhere near the
system command. If you do run slip off of your system however, its much
more possible that bad things can happen..


Also, note the following:

revision 1.6
date: 1996/04/24 20:18:25;  author: pst;  state: Exp;  lines: +9 -0
Close a security hole in sliplogin.
If you use sliplogin as a user shell (in /etc/passwd) upgrade to this version.
Reviewed by:    bde, peter
Submitted by:   AUS CERT
Obtained from:  Linux sliplogin-2.02

So, even if you setup /etc/sliphome, your system won't be vulnerable.


Nate

Current thread:

Re: brute force Jacob Langseth (Jul 10)
- Re: brute force Buckaroo Banzai (Jul 16)
- Holly Wars Aleph One (Jul 16)
- [linux-security] sliplogin (fwd) Paul Danckaert (Jul 16)
  - Re: [linux-security] sliplogin (fwd) Nate Williams (Jul 16)
  - HP/UX 10.01 Remote Administration accoun Matt Barrie SYD (Jul 16)
  - locate Ian Otsane (Jul 16)
    - Re: locate Christian Limpach (Jul 17)
  - FreeBSD Security Advisory 96:17 - rzsz FreeBSD Security Officer (Jul 17)
  - FreeBSD Security Advisory 96:16 - rdist FreeBSD Security Officer (Jul 17)