RE: Sun Solaris login bug patches out

From: Reg Quinton (reggers@ist.uwaterloo.ca)
Date: 12/17/01


From: "Reg Quinton" <reggers@ist.uwaterloo.ca>
To: "'James Lick'" <jlick@drivel.com>, <focus-sun@securityfocus.com>, <bugtraq@securityfocus.com>
Date: Mon, 17 Dec 2001 12:50:54 -0500


> 2) Reg Quinton has written a wrapper to login which he believes will
> block an exploit:
http://ist.uwaterloo.ca/~reggers/drafts/login.wrapper

Several folks have explained the vulnerability to me and why my trick
doesn't work. This is the most concise:

> from Fletcher Mattox [fletcher@cs.utexas.edu]:
>
>cs.utexas.edu$ rsh cs -l zortl
>Password:
>Login incorrect
>login: zortl xxx=yyy <- this is typed by the user on stdin to login
> after the program has been exec'd and command
> line args have been processed. the same code
> processes this line (in getargs()) which is
> used to parse the command line and in which
> the buffer overflow occurs.

A wrapper like I proposed won't help at all there.



Relevant Pages

  • Re: FreeBSD 7.1 - rshd problems
    ... FreeBSD 7.1 - rshd problems ... rshd: Login incorrect. ... What do you want from rsh? ... Copyright 1992-2009 The FreeBSD Project. ...
    (freebsd-questions)
  • rsh help
    ... I was looking at rsh on freebsd 6.0, is it really execute commands ... althouth it gets login ... rshd: Login incorrect. ...
    (freebsd-hackers)