[419] in bugtraq


Re: login -h

daemon@ATHENA.MIT.EDU (Ed Arnold)
Wed Dec 7 16:30:37 1994

To: bugtraq@fc.net
Date: Wed, 7 Dec 94 10:54:40 MST
From: era@ucar.edu (Ed Arnold)
Reply-To: era@ucar.edu (Ed Arnold)

James Bonfield wrote:

> A typical spoof would be:
> 
> rlogin targethost -l -htargethost
> 
> Then type in the user and password. It'll then appear to last, who and
> probably finger, on targethost that the user has logged in from that system,
> not from remotely.
> 
> This bug occurs on several systems, such as DEC OSF/1 V3.0 and Concentrix 2.1.
> I have tried Solaris 2.3 and SunOS 4.1 which both appear to be safe from this
> at first glance. (We haven't got a newer SunOS 4.x unfortunately! So I've done
> no tests on 4.1.3U1.) I expect most other systems are safe too.

Both 4.1.3_U1 and AIX 3.2.5 appear to be safe ...
