This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.
===============================================================================
Robb Kambic                                Unidata Program Center
Software Engineer III                      Univ. Corp for Atmospheric Research
address@hidden                             WWW: http://www.unidata.ucar.edu/
===============================================================================

---------- Forwarded message ----------
Date: Tue, 15 Aug 2000 14:49:05 -0500
From: Pete Pokrandt <address@hidden>
To: David B. Bukowski <address@hidden>
Subject: Re: SGI security problem with telnetd. TAKE IMMEDIATE ACTION!! (fwd)

All,

Actually, the .rhosts file referred to in my previous email was created by
someone who had exploited the telnet daemon vulnerability (not on my system,
but on one of our SGI Varsity program manager's boxes..)

The telnetd vulnerability DOES NOT require a .rhosts file to exist for a
remote user to get root access on your machine. They just connect to port 23
of your machine and send the right information, and BOOM they have root
access to your machine.

Telnetd does not use the .rhosts file. The .rhosts file was just placed there
as another method of entry.

Pete

In a previous message to me, you wrote:

>the same threat exists with rlogin.
>rlogin reads from the .rhosts file also. This service is on linux systems
>also named as "shell" Here is an already commented out service listing in
>the /etc/inetd.conf file
>
>#login stream tcp nowait root /usr/sbin/tcpd in.rlogind
>
>This program is accessed by the rlogin program.
>
>
>-----------------------------------------------------------------------------
>--
>David B. Bukowski       |email (work): address@hidden
>Network Analyst         |email (personal): davebb@cshsches
>s.org
>College of Dupage       |pager: (630) 266-7775
>Glen Ellyn, Illinois    |work phone: (630) 942-2591
>-----------------------------------------------------------------------------
>--
>

--
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>+<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<+
^ Pete Pokrandt                    V 1447 AOSS Bldg 1225 W Dayton St^
^ Systems Programmer               V Madison, WI 53706              ^
^                                  V address@hidden                 ^
^ Dept of Atmos & Oceanic Sciences V (608) 262-3086 (Phone/voicemail) ^
^ University of Wisconsin-Madison  V 262-0166 (Fax)                 ^
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>+
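
A host check covering both points raised in the messages above, as an added example that is not part of the original thread: it lists telnet and r-service entries still enabled in an inetd.conf and locates .rhosts files left in home directories. The function names, sample inetd.conf contents, host name and directory layout are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original messages.

# Print "service server" for each enabled telnet/r-service entry.
# inetd.conf fields: service socket proto wait user server-path args...
enabled_remote_services() {
    awk '
        /^[ \t]*#/ { next }   # commented out, as in the quoted login line
        NF < 6     { next }   # not a complete service entry
        $1 == "telnet" || $1 == "login" || $1 == "shell" || $1 == "exec" {
            printf "%s %s\n", $1, $NF
        }
    ' "$1"
}

# List .rhosts files below a directory. A "+" entry trusts any host or
# any user, so those files are flagged separately.
find_rhosts() {
    find "$1" -type f -name .rhosts 2>/dev/null | sort | while read -r f; do
        if grep -qF '+' "$f"; then echo "WILDCARD $f"; else echo "PRESENT $f"; fi
    done
}

# Constructed sample data so the script runs offline.
SAMPLE=$(mktemp -d)
mkdir -p "$SAMPLE/home/alice" "$SAMPLE/home/root"
cat > "$SAMPLE/inetd.conf" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
shell   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rshd
#login  stream  tcp  nowait  root  /usr/sbin/tcpd  in.rlogind
EOF
echo "trusted.example.edu alice" > "$SAMPLE/home/alice/.rhosts"
echo "+ +" > "$SAMPLE/home/root/.rhosts"

echo "Enabled remote-login services:"
enabled_remote_services "$SAMPLE/inetd.conf"
echo ".rhosts files:"
find_rhosts "$SAMPLE/home"
```

On a real host, point the two functions at /etc/inetd.conf and at the directory holding user home directories; a .rhosts file nobody remembers creating is worth investigating even after telnetd has been disabled.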