Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!magnus.acs.ohio-state.edu!tut.cis.ohio-state.edu!ucbvax!agate!usenet.ins.cwru.edu!eagle!mildred!mckim
From: mckim@mildred.lerc.nasa.gov (Jim McKim)
Newsgroups: comp.unix.sysv386
Subject: Re: rlogin(1) security bug in ISC UNIX
Keywords: security, rlogin
Message-ID: <1991Mar19.141635.169@eagle.lerc.nasa.gov>
Date: 19 Mar 91 14:16:35 GMT
References: <1991Mar19.014000.7582@virtech.uucp>
Sender: news@eagle.lerc.nasa.gov
Reply-To: mckim@mildred.UUCP (Jim McKim)
Organization: NASA/Lewis Research Center, Cleveland
Lines: 12

In article <1991Mar19.014000.7582@virtech.uucp> cpcahil@virtech.uucp (Conor P. Cahill) writes:
>There exists a bug in the rlogin daemon on ISC UNIX 2.2 which under
>certain conditions will allow a non-privileged user to become root.

Our unix (not ISC, not 2.2) also has the bug.  Might be worth
checking into regardless of your version.

--
----------------
Jim McKim  /  Internet: mckim@mildred.lerc.nasa.gov		"" -
Phone: +1 216 891 2977  /  Packet: kb8dcr@kb8dcr.ampr.org	Needermeyer
----------------