Old rlogin bug
William Colburn
schlake at nmt.edu
Wed Jul 25 10:55:34 AEST 1990
In article <23959 at adm.BRL.MIL> bull at itd.nrl.navy.mil writes:
>
>In November of 1988 a flaw was described in the unix-wizards bulletin
>board dealing with the rlogin program. It seems that in some unix systems it
>was possible for a user to gain superuser access to the system by giving
>the command "rlogin host-name -l ''". We have not been able to determine
>the specific flaw that permitted this security breach, and we would
>appreciate any information readers of this message can provide on this point.
>
Well, a friend of mine here was rlogging into a SUN 3/50 from a terminal
server. He got the login prompt, and then decided not to log in to that particular
machine, so he hit cntl-C cntl-D (or the reverse, I don't remember). Rather
than terminating the connection, he got a prompt. `whoami` returned "root".
The real root found no login records, no `lastcomm` records, no nothing. The
problem only existed on that single Sun machine, from the specific terminal
server. They deleted the 'yp' (copyright? phfffbbbt!) entry and the problem
went away.
Schlake
Sys-admin
Nethack player
and a lousy speller.
More information about the Comp.unix.wizards mailing list