Re: Linux rlogin hole with libc 5.x

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Aleph One: "HP-UX B.10.01 vulnerability"
• Previous message: Alan Brown: "Re: brute force"
• In reply to: Alan Brown: "Re: Linux rlogin hole with libc 5.x"
• Next in thread: Alan Brown: "Re: brute force"

alan wrote :
>
> The hole in the 5.x libraries is known and specifically warned about in
> the kernel documentation file which discusses updating to ELF.
>
> The hole is fixed in libc5.3.12 and later.
>
> Be warned that the 5.x series Libc's are currently classed as "experimental"
>
> The simple solution to the problem is to disable rlogin. There's little
> point leaving any inetd service open unless it's actually being used.
>
> AB
>
      RedHat 3.0.3 and Slackware actually are exposed because it use
      libc-5.2.18, don-t know if it was pointed . I havent received
      a copy from the original message called:
      "Linux rlogin hole with libc 5.x"
      plese sendme a copy.

      I ve just remove rlogin rshd & rexec from inetd.conf
      from a couple of linux boxes.

     Cheers
Pablo

• Next message: Aleph One: "HP-UX B.10.01 vulnerability"
• Previous message: Alan Brown: "Re: brute force"
• In reply to: Alan Brown: "Re: Linux rlogin hole with libc 5.x"
• Next in thread: Alan Brown: "Re: brute force"