[579] in SIPB_Linux_Development
Linux security hole
daemon@ATHENA.MIT.EDU (jjprior@MIT.EDU)
Sun May 22 20:15:52 1994
From: jjprior@MIT.EDU
To: linux-dev@MIT.EDU
Date: Sun, 22 May 94 20:15:42 EDT
In case you haven't read about it, a massive security whole has been
found in linux. It is being discussed on comp.os.linux.admin.
Basically you can login as root from the console or by telnet without
a password type typing:
"login:-f root" from the console
or
"telnet -l -f root hostname" over the net.
The fix is to install updated telnetd and rlogind from the file
security.tgz in sunsite's incoming directory as well as getty_ps-2.0.7e.
This should probably be pointed out over linux-help but I leave it
to your group.
