Bugtraq mailing list archives
rlogin can be used to change finger information
From: jkb () mrc-lmb cam ac uk (Bonfield James)
Date: Fri, 2 Jun 1995 11:52:36 +0100 (BST)
The recent note about hiding from finger reminded me of a problem with rlogin
on some systems (not SunOS 4 or Solaris 2 it seems).
When the -l -froot flaw was noticed I quickly realised that whilst few systems
suffered from -froot, more suffered from -hhostname (including OSF/1 V3.0,
Concentrix 3.0.00).
On such systems an 'rlogin machine -l -hhostname' will write 'hostname' to the
last log information rather than your real hostname. This shouldn't pose
problems to those using the tcp wrappers though (I prefer these to wtmp any
way as the fields in wtmp are just too short).
James
Current thread:
- Re: [8lgm]-Advisory-17.UNIX.sendmail Mark Graff (Jun 01)
- login can be used to hide from finger under SunOS 4.13u1 David Sacerdote (Jun 01)
- Re: login can be used to hide from finger under SunOS 4.13u1 Casper Dik (Jun 02)
- rlogin can be used to change finger information Bonfield James (Jun 02)
- Cisco IP packet filtering vulnerablility Paul Traina (Jun 01)
- Re: Cisco IP packet filtering vulnerablility Darren Reed (Jun 02)
- lsof 3.29 -- good news and bad Vic Abell (Jun 02)
- Re: rlogin can be used to change finger information Casper Dik (Jun 02)
- Re: login can be used to hide from finger under SunOS 4.13u1 Karl Strickland (Jun 02)
- login can be used to hide from finger under SunOS 4.13u1 David Sacerdote (Jun 01)
- Re: [8lgm]-Advisory-17.UNIX.sendmail Karl Strickland (Jun 01)