[435] in bugtraq
Re: login -h
daemon@ATHENA.MIT.EDU (Adam Shostack)
Thu Dec 8 14:00:18 1994
From: Adam Shostack <adam@bwh.harvard.edu>
To: pelc@fb3-s7.math.tu-berlin.de (Bogdan Pelc)
Date: Thu, 8 Dec 94 9:54:09 EST
Cc: bugtraq@fc.net
In-Reply-To: <199412080826.AA11813@fb3-s7.math.tu-berlin.de>; from "Bogdan Pelc" at Dec 8, 94 9:26 am
You wrote:
| >>>>> "EA" == Ed Arnold <era@ucar.edu> writes:
|
| EA> James Bonfield wrote:
| >> A typical spoof would be:
| >>
| >> rlogin targethost -l -htargethost
| >>
| >> Then type in the user and password. It'll then appear to last, who and
| >> probably finger, on targethost that the user has logged in from that
| >> system, not from remotely.
| EA> Both 4.1.3_U1 and AIX 3.2.5 appear to be safe ...
|
| But not on AIX 3.2.4; on this system this trick does its work.
Try the -f abuse on that 3.2.4 system. I seem to remember IBM
fixing -h at the same time as -f. I think the syntax was
rlogin -l -froot hostname
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume