COMMAND
rlogind
SYSTEMS AFFECTED
BSDI 2.0, 2.1
PROBLEM
The following is based on an RSI Alert Advisory. Credit goes to Mark
Zielinski. A vulnerability exists in all current versions of BSDI
that has the potential to allow an attacker to gain remote root
access on any server running BSDI with rlogind enabled.
Due to insufficient bounds checking, a buffer overflow can result
when rlogind attempts to copy the connecting hostname into a
buffer with a predefined size. While overwriting the buffer, the
attacker can manipulate the stack and execute their own commands,
possibly gaining root access on the server.
SOLUTION
No patch currently available. Wait for Berkeley Software Design
Inc. to release an official patch. Until then disable rlogind:
1. su to the root account
2. kill -9 `ps -aux | grep rlogind | awk '{print $2}'`
3. edit /etc/inetd.conf with your favorite editor
4. place a # in front of any lines beginning with "login"
This bug was fixed in the 3.0 and 3.1 releases.
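Steps 3 and 4 above, applied to a file by script, as an added example that is not part of the original advisory. The function names and the constructed sample inetd.conf are assumptions of this example; it comments out only active entries whose service name is "login", keeps a backup, and prints a reminder that inetd rereads its configuration only on SIGHUP.

```shell
#!/bin/sh
# Added example, not from the advisory: audit and disable the inetd "login"
# (rlogind) entry. Function names and the sample file are assumptions.

# Constructed sample inetd.conf (illustrative paths, not copied from BSDI).
sample_conf() {
    cat <<'EOF'
ftp     stream  tcp  nowait  root  /usr/libexec/ftpd     ftpd -l
login   stream  tcp  nowait  root  /usr/libexec/rlogind  rlogind
#login  stream  tcp  nowait  root  /usr/libexec/rlogind  rlogind -a
EOF
}

# Print active (uncommented) entries whose service name is exactly "login".
active_login_lines() {
    awk '$1 == "login"' "$1"
}

# Comment out active "login" entries in place, keeping a .bak copy.
# Returns 0 if the file ends up with no active entry, 1 if one remains,
# 2 on I/O errors. Safe to run repeatedly.
disable_login() {
    conf=$1
    [ -r "$conf" ] && [ -w "$conf" ] || { echo "cannot edit $conf" >&2; return 2; }
    if [ -n "$(active_login_lines "$conf")" ]; then
        cp -p "$conf" "$conf.bak" || return 2
        # Rewrite from the backup so the original file keeps its owner and mode.
        awk '$1 == "login" { print "#" $0; next } { print }' "$conf.bak" > "$conf" || return 2
        echo "disabled login in $conf (backup: $conf.bak)"
        # inetd rereads its configuration only on SIGHUP.
        echo "now signal inetd: kill -HUP <pid of inetd>"
    fi
    [ -z "$(active_login_lines "$conf")" ] || return 1
}

# Stand-alone run: act on the file given as $1, else demo on the sample.
if [ $# -gt 0 ]; then
    disable_login "$1"
else
    demo=$(mktemp) && sample_conf > "$demo" && disable_login "$demo" && cat "$demo"
    rm -f "$demo" "$demo.bak"
fi
```

Run it as root with the path to the real file, for example /etc/inetd.conf; with no argument it only demonstrates the edit on a temporary copy of the sample.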