Re: -froot??? (AIX rlogin bug)
Mark G. Scheuern (mgscheue vela.acs.oakland.edu)
Sat, 30 Jul 1994 07:52:22 -0400
- In reply to: Eric Wedaa: "-froot??? (AIX rlogin bug)"
>Someone over on the firewalls mailing list just threw out this tidbit:
>
> rlogin aix.machine -l -froot
>
>For instance:
>
> rlogin foobar -l -froot
>
>This gives you root access on any AIX 3.2.X machine.
>
>Does anyone have any history on this trapdoor? Apparently
>it also existed in Linux several generations ago.
>
>>>>>>>Ericw
This popped up some weeks ago. This rlogind bug has been around
for a long time; it's also in AIX 3.1.X. Here's IBM's statement:
-----------------------------------------------------------------
{URGENT - AIX SECURITY EXPOSURE}

May 20, 1994

IBM has just become aware of an AIX security exposure that
makes it possible to remote login to any AIX Version 3
system as the root user without a password.

As described below, a workaround is immediately available
which eliminates the security exposure by disabling remote
login. An emergency fix is also available immediately
to rectify the AIX problem so that remote login can be
enabled with no security exposure.

An APAR has been opened and an official PTF will be
made available, in approximately two weeks, for installed
AIX systems and included in all new AIX shipments.

IBM hopes its efforts to respond rapidly to this problem will
allow customers to eliminate this security exposure with
minimal disruption.

{IMMEDIATE WORKAROUND:}

The recommended workaround is to disable rlogin in the /etc/inetd.conf
file using the following procedure:

1. As root, edit /etc/inetd.conf
2. Comment out the line 'login ... rlogin'
3. Run 'inetimp'
4. Run 'refresh -s inetd'

{EMERGENCY FIX:}

Emergency Fixes for the different levels of AIX affected by
this exposure will be available via anonymous ftp from
software.watson.ibm.com. The files will be located
in /pub/rlogin in compressed tar format.

{OFFICIAL FIX:}

The official fix for this problem can be ordered as
Authorized Program Analysis Report (APAR) IX44254.

To order an APAR from IBM in the U.S. call 1-800-237-5511
and ask for shipment as soon as it is available. APARs
may be obtained outside the U.S. by contacting your local
IBM representative.

For questions regarding this information, please contact
Frank Karner (KARNER at AUSTIN; TL/793-5950; 512-823-5950).
-----------------------------------------------------------------
When I told one of our on-site IBM droids about this, he didn't
believe it. "No way, the government buys these machines because
they're Class B secure!" So I showed him... I also saw an
IBM spokesperson describe this in a trade publication as requiring
"a complex series of commands". Hell, it's easier than logging
in the usual way, with the password.
Mark Scheuern
Chrysler Corp.
"I don't speak for Chrysler"
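
The workaround in the IBM statement above, as an added example that is not part of the original message or of IBM's advisory: a POSIX shell script that checks an inetd.conf-style file for an active 'login' (rlogin) entry and comments it out. The function names and the sample file are constructed for illustration, and the script assumes the service name is the first whitespace-separated field on each line.

```shell
#!/bin/sh
# Added example (not from the original post or the IBM advisory).
# Audits an inetd.conf-style file for an active rlogin ('login') service
# and applies step 2 of the workaround by commenting the entry out.
# Assumption: the service name is the first whitespace-separated field.

# Exit 0 if FILE still has an uncommented 'login' service entry.
rlogin_enabled() {
    awk '$1 == "login" { found = 1 } END { exit !found }' "$1"
}

# Comment out every active 'login' entry in FILE, leaving FILE.bak behind.
# Lines that are already commented, and other services, are left untouched.
disable_rlogin() {
    conf=$1
    tmp=$(mktemp) || return 1
    if awk '$1 == "login" { print "#" $0; next } { print }' "$conf" > "$tmp" &&
       cp -p "$conf" "$conf.bak" &&
       cat "$tmp" > "$conf"      # overwrite in place: keeps owner and mode
    then rc=0
    else rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample file (illustrative entries, not copied from a real host).
write_sample_conf() {
    cat > "$1" <<'EOF'
# service  socket  proto  wait    user  program        args
telnet     stream  tcp    nowait  root  /etc/telnetd   telnetd
#login     stream  tcp    nowait  root  /etc/oldlogind oldlogind
  login    stream  tcp    nowait  root  /etc/rlogind   rlogind
shell      stream  tcp    nowait  root  /etc/rshd      rshd
EOF
}

# Demo: run against a scratch copy, never the live /etc/inetd.conf.
demo() {
    d=$(mktemp -d) || return 1
    write_sample_conf "$d/inetd.conf"
    rlogin_enabled "$d/inetd.conf" && echo "before: rlogin ENABLED"
    disable_rlogin "$d/inetd.conf"
    rlogin_enabled "$d/inetd.conf" || echo "after: rlogin disabled"
    rm -rf "$d"
}
demo
# On AIX 3 the advisory's steps 3 and 4 follow: 'inetimp', then 'refresh -s inetd'.
```

The match on the first field means an indented 'login' line is still caught, while an entry that is already commented out is not commented a second time.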