[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SGI security problem with telnetd. TAKE IMMEDIATE ACTION!! (fwd)

This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.

Subject: Re: SGI security problem with telnetd. TAKE IMMEDIATE ACTION!! (fwd)
Date: Tue, 15 Aug 2000 13:57:56 -0600 (MDT)


===============================================================================
Robb Kambic                                Unidata Program Center
Software Engineer III                      Univ. Corp for Atmospheric Research
address@hidden             WWW: http://www.unidata.ucar.edu/
===============================================================================

---------- Forwarded message ----------
Date: Tue, 15 Aug 2000 14:49:05 -0500
From: Pete Pokrandt <address@hidden>
To: David B. Bukowski <address@hidden>
Subject: Re: SGI security problem with telnetd. TAKE IMMEDIATE ACTION!! (fwd) 


All,

Actually, the .rhosts file referred to in my previous email was created
by someone who had exploited the telnet daemon vulnerability (not on my
system, but on one of our SGI Varisity program managers boxes..)

The telnetd vulnerability DOES NOT require a .rhosts file
to exist for a remote user to get root access on your 
machine.

They just connect to port 23 of your machine and send the
right information, and BOOM they have root access to your
machine.

Telnetd does not use the .rhosts file.  The .rhosts file
was just placed there as another method of entry.

Pete


In a previous message to me, you wrote: 

 >the same threat exists with rlogin.
 >rlogin reads from the .rhosts file also.  This service is on linux systems
 >also named as "shell"  Here is an already commented out service listing in
 >the /etc/inetd.conf file
 >
 >#login  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rlogind
 >
 >This program is accessed by the rlogin program.  
 >
 >
 >-----------------------------------------------------------------------------
  >--
 >David B. Bukowski             |email (work):          address@hidden
 >Network Analyst                       |email (personal):      davebb@cshsches
  >s.org
 >College of Dupage             |pager:                 (630) 266-7775
 >Glen Ellyn, Illinois          |work phone:            (630) 942-2591
 >-----------------------------------------------------------------------------
  >--
 >


--
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>+<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<+
^ Pete Pokrandt                    V 1447  AOSS Bldg  1225 W Dayton St^
^ Systems Programmer               V Madison,         WI     53706    ^
^                                  V      address@hidden       ^
^ Dept of Atmos & Oceanic Sciences V (608) 262-3086 (Phone/voicemail) ^
^ University of Wisconsin-Madison  V       262-0166 (Fax)             ^
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>+

Prev by Date: SGI security problem with telnetd. TAKE IMMEDIATE ACTION!! (fwd)
Next by Date: Re: 20000809: Main Feed Change request
Previous by thread: SGI security problem with telnetd. TAKE IMMEDIATE ACTION!! (fwd)
Next by thread: Re: SGI security problem with telnetd. TAKE IMMEDIATE ACTION!! (fwd)
Index(es):
- Date
- Thread