From: Jason Haar (j.haar@csc.canterbury.ac.nz)
Date: 08/08/93


From: Jason Haar <j.haar@csc.canterbury.ac.nz>
Subject: rsh vulnerability?
Date: Sun, 8 Aug 1993 05:20:11 GMT

Hi,

I just installed SLS 1.03 yesterday on my new 486DX33 - and I'm happier
than a hog in muck! Hard to believe such a piece of software could be so
freely available :-)

Annnyway, problem with rsh. It works - too well. I've got no
/etc/hosts.equiv or /.rhosts file, and yet I can rsh commands from any
other host (logged in as root) onto my Linux box!:

e.g.

SunHost[root]# rsh linux w
  5:05am up 3:13, 4 users, load average: 0.00, 0.01, 0.06
User tty login@ idle JCPU PCPU what
jason tty1 3:27pm -632 13 5 twm
jason ttyp1 3:38pm 4 3 -
jason ttyp0 3:37pm 2:19 -tcsh

That shouldn't be happening...

Strange thing is, rlogin asked for a password like it should - so it seems
something is specifically wrong/broken with in.rshd. Syslog isn't
reporting anything unusual (it does report that a root@sunhost connection
occurred).

Anyone seen this before? I've disabled in.rshd for the time being.
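
Added example, not part of the original post: a small audit of the items the message mentions, checking under a given filesystem root whether in.rshd is still enabled and whether /etc/hosts.equiv or /.rhosts exist. It assumes in.rshd is started by inetd from a "shell" line in etc/inetd.conf (the post does not say how it was disabled); the function name and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). Audits, under a filesystem root,
# whether rshd is still enabled and which rsh trust files exist.
# Assumption: in.rshd is launched by inetd through the "shell" service line
# in etc/inetd.conf; the post does not say how it was disabled.

audit_rsh() {
    root=$1
    findings=0

    # An uncommented "shell" line means inetd will still start in.rshd.
    conf="$root/etc/inetd.conf"
    if [ -f "$conf" ] && grep -Eq '^[[:space:]]*shell[[:space:]]' "$conf"; then
        echo "ENABLED: $conf has an active 'shell' (in.rshd) entry"
        findings=$((findings + 1))
    fi

    # Trust files named in the post; each one grants password-less access.
    for f in "$root/etc/hosts.equiv" "$root/.rhosts"; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*\+([[:space:]]|$)' "$f"; then
            echo "WILDCARD: $f has a '+' host entry (trusts every host)"
        else
            echo "TRUST: $f exists"
        fi
        findings=$((findings + 1))
    done

    if [ "$findings" -eq 0 ]; then
        echo "OK: no active rshd entry and no trust files under $root"
    fi
    return "$findings"
}

# Constructed sample tree: rshd commented out, but a wildcard hosts.equiv left behind.
demo=$(mktemp -d)
mkdir -p "$demo/etc"
printf '%s\n' '#shell stream tcp nowait root /usr/sbin/in.rshd in.rshd' \
              'login stream tcp nowait root /usr/sbin/in.rlogind in.rlogind' \
              > "$demo/etc/inetd.conf"
printf '+\n' > "$demo/etc/hosts.equiv"
audit_rsh "$demo" || true
rm -rf "$demo"
```

The function's exit status is the number of findings, so a clean result here only shows that the configuration is as intended; it cannot show that in.rshd itself enforces the trust files, which is the behaviour the post questions.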