COMMAND
rlogind
SYSTEMS AFFECTED
Linux
PROBLEM
rlogind uses the enviromental variable TERM, but does not check
the bounds of the array it goes into. Thus, an overflow the stack
and rewrite the stack exploit can used to gain root access. If
you run (more or less) any disturbution of Linux and have not
upgraded to or past Netkit 8, then you are in trouble.
SOLUTION
Disable rlogind in /etc/inetd.conf and then restart inetd (kill
-HUP < PID of inetd> ) and then download the latest Netkit;
configure, compile and install.