[1571] in linux-security and linux-alert archive
[linux-security] Re: rshd gives away usernames
daemon@ATHENA.MIT.EDU (David Holland)
Fri Jun 20 07:05:33 1997
From: David Holland <dholland@eecs.harvard.edu>
To: bugtraq@netspace.org
Date: Fri, 13 Jun 1997 16:06:23 -0400 (EDT)
Cc: linux-security@redhat.com
In-Reply-To: <199706131703.MAA03208@apollo.jeeves.net> from "repayne@jeeves.net" at Jun 13, 97 12:01:32 pm
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
> On Fri, 13 Jun 1997 07:17, David Holland said:
> > Try 'rsh victimhost -l realuser' and 'rsh victimhost -l nosuchuser'.
> > The error reported is different.
I meant, of course, 'rsh victimhost -l realuser ls' and 'rsh
victimhost -l nosuchuser ls'. Otherwise it runs rlogin, and rlogind
doesn't seem to have the bug.
Sorry about the confusion.
--
- David A. Holland | VINO project home page:
dholland@eecs.harvard.edu | http://www.eecs.harvard.edu/vino