rlogin vulnerability: CERT Advisory CA-97.06

rlogin vulnerability: CERT Advisory CA-97.06

Post by Phil Pishione » Sat, 08 Feb 1997 04:00:00



In the recent CERT advisory for the rlogin problem, APAR IX57972 is
listed as the fix for AIX 4.1.  This fix is contained in fileset
bos.net.tcp.client.4.1.4.13 (and perhaps others).

Does anyone know if this fix is just contained within the rlogin
executable, or if other parts of the fileset are needed?  On some of
our systems we'd like to get away with just distributing a new rlogin
instead of installing that fileset and all of its prerequisites, if
possible.

-Phil                   Cornell Theory Center

 
 
 

1. CERT Advisory CA-97.06: BAD rlogin_wrapper.c installation

We installed the rlogin_wrapper.c recommended in CERT Advisory CA-97.06,
with the installation advice:

 * Installation (as root):
 *      # mkdir /usr/bin/wrapped
 *      # chmod 500 /usr/bin/wrapped
 *      # mv /usr/bin/rlogin /usr/bin/wrapped/rlogin
 *      # chmod 100 /usr/bin/wrapped/rlogin
 *      # cc -O rlogin_wrapper.c -o /usr/bin/rlogin
 *      # chmod 4711 /usr/bin/rlogin

This is BAD advice !  When /usr is NFS-mounted (in the case of diskless/
dataless NFS clients), the root user on the NFS client CANNOT access
the /usr/bin/wrapped directory !!!

A possible solution may be:

chgrp staff /usr/bin/wrapped /usr/bin/rlogin
chmod  550 /usr/bin/wrapped
chmod 6711 /usr/bin/rlogin

(assuming that the root user on the NFS client is in group staff).
This will permit the sgid-staff executable /usr/bin/rlogin to exec
/usr/bin/wrapped/rlogin.

I am not 100% sure that this solution will work correctly, nor about
possible security problems, so use it at your own risk.

With best regards,

Ole H. Nielsen
Department of Physics, Building 307
Technical University of Denmark, DK-2800 Lyngby, Denmark

WWW URL: http://www.fysik.dtu.dk/persons/ohnielse.html
Telephone: (+45) 45 25 31 87
Telefax:   (+45) 45 93 23 99

2. Suse 6.4?

3. SunOS not vulnerable to rlogin bug (CERT CA-97.06)

4. dynamic update of routing table

5. HTTPD and CERT advisory CA-97.07

6. Linux-Development-System Digest #57

7. [Fwd: CERT Advisory CA-2002-05 Multiple Vulnerabilities in PHP fileupload]

8. binary file

9. CA Cert with OpenSSL not recognised as "CA" cert

10. CERT Advisory CA-94:09.bin.login.vulnerability

11. CERT Advisory CA-2002-25 & Sun Alert 46122

12. CERT Advisory - Solaris System Startup Vulnerability

13. CERT Advisory CA-2002-11 Heap Overflow in Cachefs Daemon (cachefsd)