Bugtraq archives for 4th quarter (Oct-Dec) 1994: Re: login -h

Re: login -h

Adam Shostack (adambwh.harvard.edu)
Thu, 8 Dec 94 9:54:09 EST

You wrote:

| >>>>> "EA" == Ed Arnold <eraucar.edu> writes:
| 
|   EA> James Bonfield wrote:
|   >> A typical spoof would be:
|   >> 
|   >> rlogin targethost -l -htargethost
|   >> 
|   >> Then type in the user and password. It'll then appear to last, who and
|   >> probably finger, on targethost that the user has logged in from that
|   >> system, not from remotely.

|   EA> Both 4.1.3_U1 and AIX 3.2.5 appear to be safe ...
| 
| But not on AIX 3.2.4; on this system this trick does its work.

	Try the -f abuse on that 3.2.4 system.  I seem to remember IBM
fixing -h at the same time as -f.  I think the syntax was rlogin -l
-froot hostname 

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
						       -Hume
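
The rlogin commands quoted in this thread pass a login name that begins with `-`, which the receiving login then reads as an option. As an added example (not part of the original message, and not any vendor's actual fix), here is one way a remote-login daemon could refuse such names before exec'ing login; the function names, the 32-character limit and the use of `--` (which assumes a getopt-based login) are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MAX_NAME 32  /* assumed length limit for this example */

/* Return 1 if name is acceptable as a login name, 0 otherwise. */
int is_safe_login_name(const char *name)
{
    size_t len;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > MAX_NAME)
        return 0;
    /* A leading '-' would be parsed by login as an option (-h, -f, ...). */
    if (name[0] == '-')
        return 0;
    /* Allow only a conservative character set inside the name. */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '_' && c != '.' && c != '-')
            return 0;
    }
    return 1;
}

/*
 * Fill argv for exec'ing login on behalf of a remote user.
 * Returns the argument count, or -1 if the name is rejected.
 * host must be the peer name the daemon resolved itself,
 * never a value supplied by the client.
 */
int build_login_argv(const char *host, const char *user, const char *argv[6])
{
    if (!is_safe_login_name(user))
        return -1;
    argv[0] = "login";
    argv[1] = "-h";
    argv[2] = host;
    argv[3] = "--";   /* end of options: assumes login uses getopt() */
    argv[4] = user;
    argv[5] = NULL;
    return 5;
}
```
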