1007 : Multiple Unix Vendor rlogin -froot Remote Authentication Bypass
Printer | http://osvdb.org/1007 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
18	5626	over 10 years ago	11 months ago	4 times	90%

Timeline

Disclosure Date
1994-05-21

Time to Exploit
140 days

Description

The rlogin command of multiple Unix vendor contains a flaw that may allow a remote attacker to bypass authentication settings. The issue is triggered when using the '-froot' parameter, which allows a remote attacker to gain root access on a system without being prompted for a password resulting in a loss of integrity.

Classification

Location: Remote / Network Access, Local / Remote
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure, Discovered in the Wild

Solution

Contact your vendor for an appropriate patch. It is also possible to correct the flaw by implementing the following workaround: comment out the 'rlogin' line in /etc/inetd.conf and restart the inetd process.

Products

IBM Corporation	AIX	3.1.x
		3.2.x

Unknown Distribution

Linux

Unknown or Unspecified

Silicon Graphics, Inc.

IRIX

Unknown or Unspecified

References

ISS X-Force ID: 104
Exploit Database: 19348
CVE ID: 1999-0113 (see also: NVD)
Bugtraq ID: 458
CERT: CA-1994-09
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1994_2/0274.html
http://archives.neohapsis.com/archives/bugtraq/1994_2/0279.html
http://archives.neohapsis.com/archives/bugtraq/1994_2/0280.html
http://archives.neohapsis.com/archives/bugtraq/1994_2/0281.html
http://archives.neohapsis.com/archives/bugtraq/1994_2/0283.html
http://archives.neohapsis.com/archives/bugtraq/1994_2/0289.html
http://archives.neohapsis.com/archives/bugtraq/1994_2/0292.html
http://archives.neohapsis.com/archives/bugtraq/1994_3/0100.html

Tools & Filters

	10161

Credit

Pug - pugarlut.utexas.edu -

CVSSv2 Score

CVSSv2 Base Score = 10.0
Source: nvd.nist.gov | Generated: 2003-12-31 | Disagree?

Comments

Add Comment Hide Add Comment

Anonymous - 2008/01/21 15:22:34

This was reported on a very limited Linux Kernel 0.9x distribution and actively exploited at the time. However, no one seems to have documented the exact version or release (Slackware maybe?).

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.