
Rlogin froot
The rlogin froot vulnerability allows anyone to log in remotely as root
without a password. An intruder exploits the vulnerability by issuing the following
command:
Risk: High
OS Vulnerable: AIX and Linux
Fix: Either disable rlogind or contact your vendor for a patch.
Advisories:
AIX Patch: AIX Fixdist Patch Package on FTP aix.boulder.ibm.com. See
To disable rlogind:
Comment out the rlogind entry in the following file: /etc/inetd.conf
Kill -HUP
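A check for the fix above, as an added example that is not part of the original page: the script lists enabled rlogind entries in an inetd.conf-format file and emits a copy with them commented out. The function names and the sample file are constructed, and it assumes rlogind is registered under the service name `login` or with a server path or argument containing `rlogind`.

```shell
#!/bin/sh
# Added example (not from the original page): audit an inetd.conf-format file
# for an enabled rlogind entry. Function names and sample data are constructed.

# awk condition: uncommented entry with at least the 6 mandatory inetd fields
# whose service name is "login" or whose server/args mention rlogind (assumption).
RLOGIND_MATCH='$1 !~ /^#/ && NF >= 6 && ($1 == "login" || $0 ~ /rlogind/)'

# Print every enabled rlogind entry in file $1.
rlogind_entries() {
    awk "$RLOGIND_MATCH" "$1"
}

# Succeed (exit 0) if file $1 still has an enabled rlogind entry.
rlogind_enabled() {
    [ -n "$(rlogind_entries "$1")" ]
}

# Write file $1 to stdout with enabled rlogind entries commented out.
disable_rlogind() {
    awk "$RLOGIND_MATCH"' { print "#" $0; next } { print }' "$1"
}

# Constructed sample configuration, written to file $1.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real host's configuration
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l
#shell  stream  tcp  nowait  root  /usr/sbin/tcpd  in.rshd
login   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rlogind
EOF
}

demo() {
    conf=$(mktemp) && fixed=$(mktemp) || return 1
    write_sample "$conf"
    if rlogind_enabled "$conf"; then
        echo "rlogind is enabled:"; rlogind_entries "$conf"
    fi
    disable_rlogind "$conf" > "$fixed"
    rlogind_enabled "$fixed" || echo "after edit: no enabled rlogind entry"
    rm -f "$conf" "$fixed"
}
demo
```

The edited file only takes effect once inetd re-reads its configuration, which is what the page's Kill -HUP step is for.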