Old rlogin bug

bull at itd.nrl.navy.mil
Wed Jul 25 06:55:41 AEST 1990


We at the Naval Research Laboratory are investigating security flaws in
software.  Our goal is to collect examples of actual flaws and provide
descriptions of them in a form that could help software developers avoid
or eliminate such flaws in future products.  We do not intend to distribute
descriptions of flaws in a form that would be useful to penetrators. 

In November of 1988 a flaw was described in the unix-wizards bulletin
board dealing with the rlogin program.  It seems that in some unix systems it
was possible for a user to gain superuser access to the system by giving
the command "rlogin host-name -l ''".  We have not been able to determine
the specific flaw that permitted this security breach, and we would 
appreciate any information readers of this message can provide on this point.


	  Thanks in advance

	  Alan R. Bull
	  bull at itd.nrl.navy.mil
	  (202) 767-6698

 


----- End Included Message -----



More information about the Comp.unix.wizards mailing list