|
|
Info |
Last Modified |
| 10 months ago |
|
|
|
|
Description |
ptylogin contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user caused to modem to quit accepting incomming calles, and will result in loss of availability for the modem.
|
|
Classification |
Location:
Local Access Required
Attack Type:
Denial of Service
Impact:
Loss of Availability
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
|
|
Solution |
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s):
1. Use mgetty-1.1.20 provided 'ptylogin' program.
Update mgetty's login.config with:
* root dialin /usr/bin/ptylogin
2. Use rlogin to login.
Update getty's login.config with:
* nobody dialin /usr/bin/rlogin -8E localhost -l
WARNING: please check that if you enter nobody as user name, you
don't get a shell. This could happen if nobody has a
shell and localhost is listed in ~nobody/.rhosts or
/etc/hosts.equiv.
The work-around works as long as there is no other specific
configuration in login.config (AutoPPP and FIDO are ok; user
specific login commands are NOT, unless the login program refuses
user name switch, ie doesn't retry on failure).
|
|
Products |
|
ptylogin
 |
Unknown or Unspecified |
|
|
|
|
Credit |
- Marc Schaefer - schaefer
 alphanet.ch -
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
