Re: login -h

Adam Shostack (adam@bwh.harvard.edu)
Thu, 8 Dec 94 9:54:09 EST

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: H Morrow Long: "Re: login -h"
Previous message: Christopher Samuel: "Re: Race conditions"
In reply to: Bogdan Pelc: "Re: login -h"
Next in thread: Michael Bresnahan: "Re: login -h"

You wrote:

| >>>>> "EA" == Ed Arnold <era@ucar.edu> writes:
| 
|   EA> James Bonfield wrote:
|   >> A typical spoof would be:
|   >> 
|   >> rlogin targethost -l -htargethost
|   >> 
|   >> Then type in the user and password. It'll then appear to last, who and
|   >> probably finger, on targethost that the user has logged in from that
|   >> system, not from remotely.

|   EA> Both 4.1.3_U1 and AIX 3.2.5 appear to be safe ...
| 
| But not on AIX 3.2.4, on this system this Trick does its work.

	Try the -f abuse on that 3.2.4 system.  I seem to remember IBM
fixing -h at the same time as -f.  I think the syntax was rlogin -l
-froot hostname 

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
						       -Hume

Next message: H Morrow Long: "Re: login -h"
Previous message: Christopher Samuel: "Re: Race conditions"
In reply to: Bogdan Pelc: "Re: login -h"
Next in thread: Michael Bresnahan: "Re: login -h"