Bugtraq mailing list archives

Re: Linux rlogin hole with libc 5.x

From: mfkr () mezcal valparaiso cl (Pablo Idiaquez)
Date: Thu, 6 Jun 1996 05:11:34 -0400


alan wrote :


The hole in the 5.x libraries is known and specifically warned about in
the kernel documentation file which discusses updating to ELF.

The hole is fixed in libc5.3.12 and later.

Be warned that the 5.x series Libc's are currently classed as "experimental"

The simple solution to the problem is to disable rlogin. There's little
point leaving any inetd service open unless it's actually being used.

AB

      RedHat 3.0.3 and Slackware actually are exposed because it use
      libc-5.2.18, don-t know if it was pointed . I havent received
      a copy from the original message called:
      "Linux rlogin hole with libc 5.x"
      plese sendme a copy.

      I ve just remove rlogin rshd & rexec from inetd.conf
      from a couple of linux boxes.

     Cheers
Pablo

Current thread:

Re: Not so much a bug as a warning of new brute force attack, (continued)
- - - Re: Not so much a bug as a warning of new brute force attack Steve Chew (Jun 04)
    - Re: Not so much a bug as a warning of new brute force attack Shaun Lowry (Jun 04)
    - Re: Not so much a bug as a warning of new brute force attack Valdis.Kletnieks () vt edu (Jun 04)
    - rexec brute bastard (Jun 04)
    - Selecting Good Passwords mdr () vodka sse att com (Jun 04)
    - brute force *Hobbit* (Jun 04)
    - Re: brute force Christopher Klaus (Jun 04)
    - Re: brute force Tom Fitzgerald (Jun 05)
    - Re: brute force Alan Brown (Jun 06)
    - Re: Linux rlogin hole with libc 5.x Alan Brown (Jun 06)
    - Re: Linux rlogin hole with libc 5.x Pablo Idiaquez (Jun 06)
    - help TaeJin Hong (Jun 07)
    - HP-UX B.10.01 vulnerability Aleph One (Jun 07)
    - Strange changes - any ideas? Fred Cohen (Jun 08)
    - Re: Strange changes - any ideas? dsiebert () icaen uiowa edu (Jun 09)
    - Re: Strange changes - any ideas? Andrew V. Kovalev (Jun 09)
    - Digital Unix, daemons and the SIA authentication library. Paul C Leyland (Jun 10)
    - Re: Strange changes - any ideas? Darren Reed (Jun 10)
    - Vulnerability Database Christopher Klaus (Jun 10)
    - Re: brute force Ze'ev Maor (Jun 04)
    - Re: brute force simes () tcp co uk (Jun 04)

(Thread continues...)