[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SGI security problem with telnetd. TAKE IMMEDIATE ACTION!! (fwd)


===============================================================================
Robb Kambic                                Unidata Program Center
Software Engineer III                      Univ. Corp for Atmospheric Research
address@hidden             WWW: http://www.unidata.ucar.edu/
===============================================================================

---------- Forwarded message ----------
Date: Tue, 15 Aug 2000 14:49:05 -0500
From: Pete Pokrandt <address@hidden>
To: David B. Bukowski <address@hidden>
Subject: Re: SGI security problem with telnetd. TAKE IMMEDIATE ACTION!! (fwd) 


All,

Actually, the .rhosts file referred to in my previous email was created
by someone who had exploited the telnet daemon vulnerability (not on my
system, but on one of our SGI Varisity program managers boxes..)

The telnetd vulnerability DOES NOT require a .rhosts file
to exist for a remote user to get root access on your 
machine.

They just connect to port 23 of your machine and send the
right information, and BOOM they have root access to your
machine.

Telnetd does not use the .rhosts file.  The .rhosts file
was just placed there as another method of entry.

Pete


In a previous message to me, you wrote: 

 >the same threat exists with rlogin.
 >rlogin reads from the .rhosts file also.  This service is on linux systems
 >also named as "shell"  Here is an already commented out service listing in
 >the /etc/inetd.conf file
 >
 >#login  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rlogind
 >
 >This program is accessed by the rlogin program.  
 >
 >
 >-----------------------------------------------------------------------------
  >--
 >David B. Bukowski             |email (work):          address@hidden
 >Network Analyst                       |email (personal):      davebb@cshsches
  >s.org
 >College of Dupage             |pager:                 (630) 266-7775
 >Glen Ellyn, Illinois          |work phone:            (630) 942-2591
 >-----------------------------------------------------------------------------
  >--
 >


--
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>+<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<+
^ Pete Pokrandt                    V 1447  AOSS Bldg  1225 W Dayton St^
^ Systems Programmer               V Madison,         WI     53706    ^
^                                  V      address@hidden       ^
^ Dept of Atmos & Oceanic Sciences V (608) 262-3086 (Phone/voicemail) ^
^ University of Wisconsin-Madison  V       262-0166 (Fax)             ^
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>+