|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Insta-root via bsd-ish rlogind (Re: Security hole in AIX rlogin)
Richard Johnson (Richard.Johnson
colorado.edu)Sat, 21 May 1994 13:59:52 -0600
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Paul Daw: "rlogind on Pyramid systems."
- Previous message: peterfreedom.nmsu.edu: "AIX rlogind"
- In reply to: Pug: "Fun! (fwd)"
IBM's emergency patch for the rlogin <host> -l -f... password check disable problem is available as: ftp://software.watson.ibm.com/pub/rlogin/rlogin.tar.Z Note that this hole is supposedly present in many bsd-ish systems. My HP/UX (9.0) and SunOs (4.1.{2|3} & 5.3) systems are OK, but my hp-bsd systems appear to allow a -f. Your mileage may vary. Here's the first part of IBM's readme: > APAR IX44254 -- rlogin security hole > > This document describes how to apply the emergency patch for APAR > IX44254. This emergency patch is not the permanent solution to this > problem, it merely provides a means to restore rlogin functionality > in a more secure manner. > > ... Richard
- Next message: Paul Daw: "rlogind on Pyramid systems."
- Previous message: peterfreedom.nmsu.edu: "AIX rlogind"
- In reply to: Pug: "Fun! (fwd)"