Bugtraq mailing list archives
Re: rshd gives away usernames
From: eric () AIMNET NET (Eric)
Date: Fri, 13 Jun 1997 10:59:40 -0700
Well sendmail has always done the more or less the same thing. say I telnetted to port 25 of some.mailhost.com 220 some.mailhost.com ESMTP Sendmail 8.8.5/8.7.1; Fri, 13 Jun 1997 10:56:20 -0700 (PDT) HELO A 250 some.mailhost.com Hello userid () some mailor com [1.2.3.4], pleased to meet you MAIL FROM:me 250 me... Sender ok RCPT TO:nosuchguy 550 nosuchguy... User unknown RCPT TO:root 250 root... Recipient ok .... So how would you propose that get fixed? Patch up sendmail so people don't know if they mailed the wrong address? --- Eric Kmetz Phone - 408/567.3800 Systems Programmer E-Mail - eric () aimnet net Aimnet Corporation On Fri, 13 Jun 1997, David Holland wrote:
Try 'rsh victimhost -l realuser' and 'rsh victimhost -l nosuchuser'. The error reported is different. Therefore, it's possible to determine which account names are valid. This is an issue only for particularly paranoid sites that probably already have rshd disabled, but I thought it would be worth issuing a warning anyway. A cursory investigation of some local machines showed the following: Affected: Linux, NetBSD, Digital Unix 4.0 Not affected: HP-UX, Solaris Linux's rsh client also seems to have a bug where the second of the above cases prints random error strings. This will all be fixed in the next release (unfortunately, not yesterday's release...) -- - David A. Holland | VINO project home page: dholland () eecs harvard edu | http://www.eecs.harvard.edu/vino
Current thread:
- Re: CERT Advisory CA-97.18 - Vulnerability in the at(1) program, (continued)
- Re: CERT Advisory CA-97.18 - Vulnerability in the at(1) program Adam Morrison (Jun 15)
- Netscape Exploit root (Jun 14)
- Bug in SGI's /cgi-bin/handler Razvan Dragomirescu (Jun 14)
- Re: Bug in SGI's /cgi-bin/handler Yaron Yanay (Jun 15)
- sendmail 8.8.6 released Eric Allman (Jun 14)
- Re: Netscape Exploit Roger Espel Llima (Jun 14)
- Re: Netscape Exploit Micah Brandon (Jun 14)
- Re: Netscape Exploit Manoj Kasichainula (Jun 15)
- rshd gives away usernames David Holland (Jun 13)
- Re: rshd gives away usernames Erik Troan (Jun 13)
- Re: rshd gives away usernames Eric (Jun 13)
- Re: rshd gives away usernames Todd C. Miller (Jun 13)
- Re: rshd gives away usernames Alan Brown (Jun 14)
- Changing default UMASK for all daemons Dax Kelson (Jun 13)
- Re: Changing default UMASK for all daemons Joe Traister (Jun 14)
- Re: Changing default UMASK for all daemons Michael Helm (Jun 14)
- Re: Changing default UMASK for all daemons Tomasz R. Surmacz (Jun 16)
- Re: rshd gives away usernames Christophe Kalt (Jun 14)
- Netscape update on their web site Robert Watson (Jun 13)
- Re: Netscape update on their web site Manoj Kasichainula (Jun 13)
- Netscape Exploit... with technical details. Rusty Conover (Jun 13)