Old rlogin bug

Raymond Thompson rt at msor.UUCP
Fri Jul 27 00:17:48 AEST 1990


In article <23959 at adm.BRL.MIL> bull at itd.nrl.navy.mil writes:
>We at the Naval Research Laboratory are investigating security flaws in
>software.  Our goal is to collect examples of actual flaws...
>                                   ...  It seems that in some unix systems it
>was possible for a user to gain superuser access to the system by giving
>the command "rlogin host-name -l ''".

This happened to me soon after we installed a new SUN system and was caused
by a typing error in the passwd file.  The line
+::0:0:::
forcing a look at NIS (ne YP) was typed in with the leading '+' missing.
Hey presto, a null System Manager



More information about the Comp.unix.wizards mailing list