Rlogin froot contents.gifindex.gif

Rlogin froot

The rlogin froot vulnerability allows anyone to log in remotely as root without a password. An intruder exploits the vulnerability by issuing the following command:

rlogin victim.com -l -froot

The intruder sees the login banner and get a superuser shell.

Risk: High

OS Vulnerable: AIX and Linux

Fix: Either disable rlogind or contact your vendor for a patch.

To disable rlogind:

ISS_NT00000000.gif Comment out the rlogind in the following file: /etc/inetd.conf

ISS_NT00000000.gif Kill -HUP inetd server to put the change into effect

Advisories: CA-94:09.bin.login.vulnerability

AIX Patch: AIX Fixdist Patch Package on FTP aix.boulder.ibm.com. See FixDist / TapeGen User's Guide