rsh vulnerability?

Post by Mike Jagd » Tue, 10 Aug 1993 07:26:00




JH> I just installed SLS 1.03 yesterday on my new 486DX33 ...

JH> Annnyway, problem with rsh. It works - too well. I've got no
JH> /etc/hosts.equiv or /.rhosts file, and yet I can rsh commands from any
JH> other host (logged in as root) onto my Linux box!:

At a guess:

        1. SLS 1.03 is using shadow passwords.
        2. rshd in SLS 1.03 isn't using shadow passwords.
        3. The root entry in /etc/password in SLS 1.03 still has a
           null password field instead of '*' as it should have.

It's just a guess though. I'm sure Peter has checked the obvious several
times...

                                Mike  
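
Added example, not part of the thread: a shell check for the condition guessed at above, an account whose password field in the passwd file is empty while the shadow file holds an entry for it. The function names, the MISMATCH/EMPTY labels and the sample files are constructed for illustration.

```shell
#!/bin/sh
# audit_null_passwd PASSWD_FILE [SHADOW_FILE]
# Prints "<user> uid=<uid> <state>" for every account whose password field
# in PASSWD_FILE is empty.
#   MISMATCH = the shadow file has a non-empty entry for the account, so
#              shadow-aware programs and programs that read only the
#              passwd file will disagree about it
#   EMPTY    = no password recorded in either file
audit_null_passwd() {
    awk -F: '
        /^#/ || NF == 0 { next }                 # skip comments and blank lines
        FILENAME == ARGV[1] {                    # first file: the shadow file
            if ($2 != "") shadowed[$1] = 1
            next
        }
        $2 == "" {                               # second file: the passwd file
            state = ($1 in shadowed) ? "MISMATCH" : "EMPTY"
            printf "%s uid=%s %s\n", $1, $3, state
        }
    ' "${2:-/dev/null}" "$1"
}

# Runs the audit over constructed sample files (not taken from any real host).
sample_run() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root::0:0:root:/root:/bin/sh
bin:*:1:1:bin:/bin:
jason:x:500:100:Jason:/home/jason:/bin/tcsh
guest::501:100:guest:/home/guest:/bin/sh
EOF
    cat > "$dir/shadow" <<'EOF'
root:CONSTRUCTED-HASH:8600:0:99999:7:::
jason:CONSTRUCTED-HASH:8600:0:99999:7:::
EOF
    audit_null_passwd "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

sample_run
```

On a live system, run it as root with the real passwd and shadow paths, since the shadow file is normally unreadable to other users.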

 
 
 

1. rsh vulnerability?

Hi,

I just installed SLS 1.03 yesterday on my new 486DX33 - and I'm happier
than a hog in muck! Hard to believe such a piece of software could be so
freely available :-)

Annnyway, problem with rsh. It works - too well. I've got no
/etc/hosts.equiv or /.rhosts file, and yet I can rsh commands from any
other host (logged in as root) onto my Linux box!:

e.g.

SunHost[root]# rsh linux w
  5:05am  up  3:13,  4 users,  load average: 0.00, 0.01, 0.06

jason    tty1      3:27pm  -632     13      5  twm
jason    ttyp1     3:38pm     4      3         -
jason    ttyp0     3:37pm  2:19                -tcsh

That shouldn't be happening...

Strange thing is, rlogin asked for a password like it should - so it seems
something is specifically wrong/broken with in.rshd. Syslog isn't

occurred).

Anyone seen this before? I've disabled in.rshd for the time being.

--

Cheers

Jason Haar, Network Consultant
