Bugtraq mailing list archives

Re: Fix for Linux/AIX login hole

From: cklaus () shadow net (Christopher Klaus)
Date: Mon, 23 May 94 19:24:13 EDT





That would be a very poor fix, as it would only keep out people using the
hole to access 'root'.  rsh machine -l -fbin would still work, and if AIX is
like most Unixes, getting access to bin, daemon, or one of the other system
users leaves little work left to get root.  Plus you can login as any real
user on the system, passwords are meaningless.


I tried doing rlogin -l -fbin, -fdaemon, etc.  It only worked for accounts
that had their passwords set, such as root and regular accounts.  Since bin
and daemon had their passwords as * instead of a real password, I assume
login didnt check getty or something was diverting it from letting you gain
access.  So, its just a matter of fingering the aix machine to find other
accounts to log in as.  




-- 
Christopher William Klaus  <cklaus () shadow net>  <iss () shadow net>
Internet Security Systems, Inc.   
2209 Summit Place Drive,
Atlanta,GA 30350-2430. (404)998-5871.

Current thread:

Re: Fix for Linux/AIX login hole Serge J. Goldstein (May 23)
- Re: Fix for Linux/AIX login hole Doug McLaren (May 23)
- <Possible follow-ups>
- Re: Fix for Linux/AIX login hole Doug Siebert (May 23)
  - Re: Fix for Linux/AIX login hole Christopher Klaus (May 23)
- Re: Fix for Linux/AIX login hole H Morrow Long (May 23)
  - Re: Fix for Linux/AIX login hole Perry E. Metzger (May 24)
    - Re: Fix for Linux/AIX login hole George Boyce (May 24)
    - Re: Fix for Linux/AIX login hole Perry E. Metzger (May 24)