[430] in bugtraq
Re: login -h
daemon@ATHENA.MIT.EDU (Bogdan Pelc)
Thu Dec 8 06:57:15 1994
Date: Thu, 8 Dec 1994 09:26:14 +0100
From: Bogdan Pelc <pelc@fb3-s7.math.tu-berlin.de>
To: bugtraq@fc.net
In-Reply-To: <199412071754.KAA14225@niwot.scd.ucar.EDU> (era@ucar.edu)
>>>>> "EA" == Ed Arnold <era@ucar.edu> writes:
EA> James Bonfield wrote:
>> A typical spoof would be:
>>
>> rlogin targethost -l -htargethost
>>
>> Then type in the user and password. It'll then appear to last, who and
>> probably finger, on targethost that the user has logged in from that
>> system, not from remotely.
>>
>> This bug occurs on several systems, such as DEC OSF/1 V3.0 and
>> Concentrix 2.1. I have tried Solaris 2.3 and SunOS 4.1 which both
>> appear to be safe from this at first glance. (We haven't got a newer
>> SunOS 4.x unfortunately! So I've done no tests on 4.1.3U1.) I expect
>> most other systems are safe too.
EA> Both 4.1.3_U1 and AIX 3.2.5 appear to be safe ...
But not on AIX 3.2.4, on this system this Trick does its work.
____________________________________________________________________________
Bogdan Pelc; Sekr. 6-3, Ma666; Tel: 030-31425746, 030-31422491
pelc@math.tu-berlin.de
Do You realize , that this world is totally FUGAZI, where are the poets,
where are the visionaries ... (FISH)
