From: Marco Ivaldi (raptor_at_0xdeadbeef.eu.org)
Date: Wed Oct 02 2002 - 14:42:04 CDT
On Wed, 2 Oct 2002, buzheng wrote:
> I do not think this is a new bug.
I completely agree.
> But the remote setting of TTYPROMPT does matter. You cannot succeed in
> login without remotely changing the TTYPROMPT. This is also the bug
> mentioned in Jonathan's original letter (bid:5531).
That's why this bug is not exploitable using remote applications like
rlogin, ssh (at least if you are not crazy enough to enable the UseLogin
option) or X.25 pad: rlogin and pad aren't able to pass env vars other
than TERM, while ssh normally doesn't use /bin/login for user authentication.
> If you have applied patches for these 2 bugs, you are safe now.
>
> BTW: you can change multiple "c "s to "a=b"s. Actually, since SYS V
> login treats " " as an environ var separator, you can also use >=64 words
> separated by " " or "\t". They will all work.
Agreed as well.
:raptor
Antifork Research, Inc. ITBH Italian Black Hats
http://www.0xdeadbeef.eu.org http://elite.blackhats.it