COMMAND

    rlogind

SYSTEMS AFFECTED

    BSDI 2.0, 2.1

PROBLEM

    The following is based on an RSI Alert Advisory.  Credit goes to
    Mark Zielinski.  A vulnerability exists in all current versions of
    BSDI that has the potential to allow an attacker to gain remote
    root access on any server running BSDI with rlogind enabled.

    Due to insufficient bounds checking, a buffer overflow can  result
    when  rlogind  attempts  to  copy  the  connecting hostname into a
    buffer with a predefined size.  While overwriting the buffer,  the
    attacker can manipulate the stack and execute their own  commands,
    possibly gaining root access on the server.

SOLUTION

    No patch is currently available.  Wait for Berkeley Software Design
    Inc. to release an official patch.  Until then, disable rlogind:

        1. su to the root account
        2. kill -9 `ps -aux | grep rlogind | awk '{print $2}'`
        3. edit /etc/inetd.conf with your favorite editor
        4. place a # in front of any lines beginning with "login"
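
    Steps 3 and 4 can be scripted and checked. The following is an added
    example, not part of the original advisory; the function names and
    the sample inetd.conf entries are constructed for illustration, and
    it runs against a temporary copy rather than /etc/inetd.conf.

```shell
#!/bin/sh
# Added example: workaround steps 3-4 applied to a constructed inetd.conf copy.

# Print active (uncommented) entries whose service name is "login".
active_login_lines() {
    grep -E '^login[[:space:]]' "$1"
}

# Comment out every active "login" entry, keeping the first original as FILE.bak.
disable_login() {
    conf=$1
    [ -e "$conf.bak" ] || cp -p "$conf" "$conf.bak" || return 1
    sed 's/^login[[:space:]]/#&/' "$conf" > "$conf.new" &&
        cat "$conf.new" > "$conf" &&   # rewrite in place: keeps owner and mode
        rm -f "$conf.new"
}

# Write a constructed sample file (entries and paths are illustrative).
make_sample() {
    cat > "$1" <<'EOF'
ftp     stream  tcp  nowait  root  /usr/libexec/ftpd     ftpd -l
login   stream  tcp  nowait  root  /usr/libexec/rlogind  rlogind
#login  stream  tcp  nowait  root  /usr/libexec/rlogind  rlogind
shell   stream  tcp  nowait  root  /usr/libexec/rshd     rshd
EOF
}

# Demo on a temporary copy; nothing under /etc is touched.
tmp=$(mktemp -d) || exit 1
make_sample "$tmp/inetd.conf"
disable_login "$tmp/inetd.conf"
active_login_lines "$tmp/inetd.conf" || echo "no active login entries remain"
rm -rf "$tmp"
```

    On a live system the edited file only takes effect once inetd
    re-reads it, which it does when sent SIGHUP.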

    This bug was fixed in the 3.0 and 3.1 releases.