[2698] in bugtraq
Re: Linux rlogin hole with libc 5.x
daemon@ATHENA.MIT.EDU (Pablo Idiaquez)
Fri Jun 7 06:14:12 1996
Date: Thu, 6 Jun 1996 05:11:34 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Pablo Idiaquez <mfkr@mezcal.valparaiso.cl>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <Pine.SUN.3.90.960606195819.6463S-100000@papaioea.manawatu.gen.nz> from "Alan Brown" at Jun 6,
96 08:01:53 pm
alan wrote :
>
> The hole in the 5.x libraries is known and specifically warned about in
> the kernel documentation file which discusses updating to ELF.
>
> The hole is fixed in libc5.3.12 and later.
>
> Be warned that the 5.x series Libc's are currently classed as "experimental"
>
> The simple solution to the problem is to disable rlogin. There's little
> point leaving any inetd service open unless it's actually being used.
>
> AB
>
RedHat 3.0.3 and Slackware actually are exposed because it use
libc-5.2.18, don-t know if it was pointed . I havent received
a copy from the original message called:
"Linux rlogin hole with libc 5.x"
plese sendme a copy.
I ve just remove rlogin rshd & rexec from inetd.conf
from a couple of linux boxes.
Cheers
Pablo
