Old rlogin bug
bull at itd.nrl.navy.mil
Wed Jul 25 06:55:41 AEST 1990
We at the Naval Research Laboratory are investigating security flaws in
software. Our goal is to collect examples of actual flaws and provide
descriptions of them in a form that could help software developers avoid
or eliminate such flaws in future products. We do not intend to distribute
descriptions of flaws in a form that would be useful to penetrators.

In November of 1988 a flaw was described in the unix-wizards bulletin
board dealing with the rlogin program. It seems that in some unix systems it
was possible for a user to gain superuser access to the system by giving
the command "rlogin host-name -l ''". We have not been able to determine
the specific flaw that permitted this security breach, and we would
appreciate any information readers of this message can provide on this point.

Thanks in advance
Alan R. Bull
bull at itd.nrl.navy.mil
(202) 767-6698
----- End Included Message -----