Bugtraq mailing list archives
Re: login -h
From: alx () black BGU AC IL (Alexander Haiut)
Date: Thu, 8 Dec 1994 12:25:47 +0200 (GMT+0200)
On Wed, 7 Dec 1994, Bonfield James wrote:
... Remember the "rlogin -l -froot" type bugs some time ago? At the time I mentioned that "-l -hhostname" could also be used to spoof hostnames in the wtmp files. This is still true. The reason I haven't posted again about this earlier is that we've been having a couple problems ourselves. Using the tcp wrapper helps things, but it's only just been installed (despite the fact that I've requested it numerous times). A typical spoof would be: rlogin targethost -l -htargethost Then type in the user and password. It'll then appear to last, who and probably finger, on targethost that the user has logged in from that system, not from remotely. ...
okay, 4.1.3_u1 works correct (read: "safe" ;-) in this case, but if talking about spoofing, why not to use the simple trick with C-shell: rsh hostname /bin/csh -bif it logs you in without tty, but also without any entries in [wu]tmp files.. that's all.. --alex. --- Alexander L. Haiut Ben-Gurion University of the Negev, Beer-Sheva, Israel ________________________________________ e-mail : alx () cs bgu ac il voice : +972-7-461658
Current thread:
- login -h Bonfield James (Dec 07)
- Re: login -h Alexander Haiut (Dec 08)
- <Possible follow-ups>
- Re: login -h Pete Hartman (Dec 07)
- Re: login -h Casper Dik (Dec 07)
- Re: login -h Ed Arnold (Dec 07)
- Re: login -h Bogdan Pelc (Dec 08)
- Re: login -h Adam Shostack (Dec 08)
- Re: login -h Bogdan Pelc (Dec 08)
- Re: login -h Michael Bresnahan (Dec 07)
- Re: login -h Robert M. Haas (Dec 08)
- Re: login -h H Morrow Long (Dec 08)
- Re: login -h der Mouse (Dec 08)