Insta-root via bsd-ish rlogind (Re: Security hole in AIX rlogin)

Richard Johnson (Richard.Johnson@colorado.edu)
Sat, 21 May 1994 13:59:52 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Paul Daw: "rlogind on Pyramid systems."
Previous message: peter@freedom.nmsu.edu: "AIX rlogind"
In reply to: Pug: "Fun! (fwd)"

IBM's emergency patch for the rlogin <host> -l -f... password check
disable problem is available as:

ftp://software.watson.ibm.com/pub/rlogin/rlogin.tar.Z

Note that this hole is supposedly present in many bsd-ish systems.  My
HP/UX (9.0) and SunOs (4.1.{2|3} & 5.3) systems are OK, but my hp-bsd
systems appear to allow a -f.  Your mileage may vary.

Here's the first part of IBM's readme:

>  APAR IX44254 -- rlogin security hole
>
>  This document describes how to apply the emergency patch for APAR
>  IX44254.  This emergency patch is not the permanent solution to this
>  problem, it merely provides a means to restore rlogin functionality
>  in a more secure manner.
>
>  ...


Richard

Next message: Paul Daw: "rlogind on Pyramid systems."
Previous message: peter@freedom.nmsu.edu: "AIX rlogind"
In reply to: Pug: "Fun! (fwd)"