HighCheck or Attack Name: rlogin
A vulnerability exists in the rlogin daemon of some AIX and Linux systems that could allow remote attackers to log in as root without being prompted for a password. By specifying the -froot option to rlogin, the server daemon will immediately drop the user into a root shell.
Disable rlogind in the /etc/inetd.conf file and restart the inetd process. AIX 3 users should retrieve APAR IX44254 from the IBM FixDist site at ftp://aix.boulder.ibm.com/aix/tools/fixdist/fixdist.html.
CERT Advisory CA-94.09, /bin/login Vulnerability, http://www.cert.org/advisories/CA-94.09.bin.login.vulnerability.html
BUGTRAQ Mailing List, Mark G. Scheuern (mgscheue@vela.acs.oakland.edu), Re: -froot??? (AIX rlogin bug), http://geek-girl.com/bugtraq/1994_3/0100.html
