Bugtraq mailing list archives
Re: -froot??? (AIX rlogin bug)
From: irvdwijk () cs vu nl (irvdwijk () cs vu nl)
Date: Mon, 1 Aug 1994 21:16:19 +0200 (MET DST)
Someone wrote:
Baba Z Buehler wrote this: I run some Linux systems, and I haven't seen the problem in any of the Linux 1.x releases.
I have access to several linux systems, and almost everyone had problems (when the bug was first reported).
Note that "Linux 1.x" refers to the KERNEL patchlevel ... and I doubt this has much, if any, effect on the behavior of the RLOGIN daemon.
It has nothing to do with the kernel release, it's a bug in login (at least, that's what I think, login should not accept -fusername without a space in between). You could also see it as a bug in programs that execve login without checking for a username starting with a '-'.
People running LINUX will need to check their particular DISTRIBUTION (i.e. Slackware, Debian, SLS, etc) for any bug they want to investigate.
I haven't really checked, but I heard that the latest Slackware was distributed with the buggy, extremely insecure vixie cron (of course, together with thousands of other security holes in the distribution).
Re: this particular problem (rlogin) .. I have been unable to reproduce it in Slackware 1.2 systems.
Don't forget that this bug is also in telnetd and getty! (And perhaps even more, these are the only ones I know of). I don't know if AIX has problems with getty/telnetd (those bugs are fixed at the AIX machine I have access to), but linux sure has. For example,

- Try at the console to login as '-froot' (or another user, but if -froot doesn't work, the rest doesn't probably either)
- try:
    $ USER=root
    $ export USER
    $ telnet target -a # automatic login (it could also be -l login, or both...)

Of course, your telnet client should support the -a/-l switch (linux' telnet does)

Also, if -froot doesn't work on your site, check if -fanotherexistingusername works, root logins are usually denied from ttyp*
-- Bill Heiser @Work heiser () ed ray com + + + + @Home: bill () bhhome ci net
Ivo
--
------------------------------------------------------------------------
Name: Ivo van der Wijk | It won't give up it wants me dead
Internet: irvdwijk () cs vu nl | this goddamn noise inside my head
IRC: VladDrac | |\|||/|
URL: http://www.hut.nl/users/ivo
------------------------------------------------------------------------
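The check the message above says is missing from programs that execve login, as an added example that is not part of the original post or any vendor's fix: the remote name is validated and placed after `--` so it can never be read as an option. It assumes a login that parses options with getopt(3), so `--` ends option processing; `username_ok`, `build_login_argv` and `MAX_NAME` are hypothetical names.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME 32 /* assumed length limit for this example */

/* Return 1 if name may be passed to login as a user name, else 0.
 * Rejects empty names, a leading '-' (e.g. "-froot"), over-long names
 * and any character outside [A-Za-z0-9._-]. */
int username_ok(const char *name)
{
    size_t i, n;

    if (name == NULL || name[0] == '\0' || name[0] == '-')
        return 0;
    n = strlen(name);
    if (n > MAX_NAME)
        return 0;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-')
            return 0;
    }
    return 1;
}

/* Fill argv (room for 6 pointers) with the vector a daemon would pass to
 * execv() for login. Returns argc, or -1 if host or name is rejected. */
int build_login_argv(const char *host, const char *name, const char **argv)
{
    int i = 0;

    if (!username_ok(name) || host == NULL || host[0] == '\0' || host[0] == '-')
        return -1;
    argv[i++] = "login";
    argv[i++] = "-h";   /* remote host, as telnetd/rlogind pass it */
    argv[i++] = host;
    argv[i++] = "--";   /* end of options: what follows is only a name */
    argv[i++] = name;
    argv[i] = NULL;
    return i;
}

int main(void)
{
    const char *av[6];  /* constructed sample inputs below */
    printf("-froot -> %d\n", build_login_argv("host.example", "-froot", av));
    printf("alice  -> %d\n", build_login_argv("host.example", "alice", av));
    return 0;
}
```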