Bugtraq mailing list archives
Re: rshd gives away usernames
From: ewt () REDHAT COM (Erik Troan)
Date: Fri, 13 Jun 1997 13:50:08 -0400

On Fri, 13 Jun 1997, David Holland wrote:

> Try 'rsh victimhost -l realuser' and 'rsh victimhost -l nosuchuser'. The error reported is different. Therefore, it's possible to determine which account names are valid. This is an issue only for particularly paranoid sites that probably already have rshd disabled, but I thought it would be worth issuing a warning anyway.

The PAM version of Linux's rshd doesn't have this problem. Some of the earlier ones did, but Red Hat 4.2 has this problem fixed. I never sent the patches to David because they were PAM bugs, not rshd bugs, and I never tested this against a non-PAM rshd (duh).

Erik

-------------------------------------------------------------------------------
| "Psychopaths kill for no reason: I kill for money." -- Grosse Pointe Blank  |
|                                                                             |
| Erik Troan = ewt () redhat com = ewt () sunsite unc edu                     |
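
The difference discussed in this thread, as an added example that is not part of the original messages and is not rshd or PAM code: a leaky check that answers differently for an unknown account and an untrusted caller, beside a form that gives one reply for both and keeps the reason for the server-side log. The account table, message strings and function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data: local accounts and the one remote user each trusts. */
struct account { const char *name; const char *trusted_remote; };
static const struct account accounts[] = {
    { "realuser", "alice"  },
    { "backup",   "opsbot" },
};

static const struct account *lookup(const char *name) {
    for (size_t i = 0; i < sizeof accounts / sizeof accounts[0]; i++)
        if (strcmp(accounts[i].name, name) == 0)
            return &accounts[i];
    return NULL;
}

/* Leaky form: the reply tells the client which check failed, so the two
 * failure cases can be told apart. Returns NULL when access is granted. */
const char *auth_leaky(const char *local, const char *remote) {
    const struct account *a = lookup(local);
    if (a == NULL)
        return "Unknown user.";        /* hypothetical message text */
    if (strcmp(a->trusted_remote, remote) != 0)
        return "Permission denied.";   /* hypothetical message text */
    return NULL;
}

/* Uniform form: every failure produces the same client-visible reply.
 * The precise reason is handed back separately for local logging only. */
const char *auth_uniform(const char *local, const char *remote,
                         const char **log_reason) {
    const struct account *a = lookup(local);
    if (a != NULL && strcmp(a->trusted_remote, remote) == 0) {
        *log_reason = "granted";
        return NULL;
    }
    *log_reason = a ? "remote user not trusted" : "no such local account";
    return "Permission denied.";
}

int main(void) {
    const char *why;
    printf("leaky,   realuser:   %s\n", auth_leaky("realuser", "bob"));
    printf("leaky,   nosuchuser: %s\n", auth_leaky("nosuchuser", "bob"));
    printf("uniform, realuser:   %s", auth_uniform("realuser", "bob", &why));
    printf("  [log: %s]\n", why);
    printf("uniform, nosuchuser: %s", auth_uniform("nosuchuser", "bob", &why));
    printf("  [log: %s]\n", why);
    return 0;
}
```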