Subject rlogin-term Date 6-feb-97
991387d222334ff9fce4bf556a7feef46b07c3125eef5f2c285e71d1c8ca4ce4
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===============================================================================
>> CERT-NL, 01-Mar-2000 <<
>> All CERT-NL information has been moved to http://cert.surfnet.nl. Links <<
>> to CERT-NL information contained in this advisory are therefore outdated. <<
>> <<
>> CERT-NL also has stopped the CERT-CC-Mirror service. Due to this the <<
>> links to the CERT-CC mirror are obsolete. Visit the CERT-CC site for the <<
>> complete CERT-CC advisory texts: http://www.cert.org <<
===============================================================================
===============================================================================
Security Advisory CERT-NL
===============================================================================
Author/Source : Teun Nijssen Index : S-97-08
Distribution : World Page : 1
Classification: External Version: 1
Subject : rlogin-term Date : 6-feb-97
===============================================================================
By courtesy of CERT Coordination Center we received the following information.
CERT Coordination Center advisory CA-97:06 reports a vulnerability
in many implementations of rlogin, including eklogin and klogin.
By exploiting this vulnerability, users with access to an account on the
system can cause a buffer overflow and execute arbitrary programs as root.
The CERT/CC advisory recommends installing a supplied vendor patch for this
problem. Until you can do so, we urge you to turn off rlogin or replace it
with a supplied wrapper.
CERT-NL recommends to handle according to the CERT-CC advise (or better yet
to avoid the r-series utilities completely).
All CERT Coordination Center advisories and README's are mirrored by CERT-NL.
The specific URL's for this case will be:
> ftp://ftp.surfnet.nl/surfnet/net-security/cert-cc-mirror/cert_advisories/CA-97.06.rlo
> gin-term
> ftp://ftp.surfnet.nl/surfnet/net-security/cert-cc-mirror/cert_advisories/CA-97:06.REA
> DME
The CERT Coordination Center staff thanks AUSCERT and DFN-CERT for their
contributions to the development of this advisory.
More information about the CERT-NL mirror and notifier services is
contained in News items N-95-01 (notifier) and N-95-02 (CERT mirror),
both present on ftp://ftp.surfnet.nl/surfnet/net-security/cert-nl/docs/news/
==============================================================================
CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet
is the Dutch network for educational, research and related institutes. CERT-NL
is a member of the Forum of Incident Response and Security Teams (FIRST).
All CERT-NL material is available under:
http://cert.surfnet.nl/
In case of computer or network security problems please contact your local
CERT/security-team or CERT-NL (if your institute is NOT a SURFnet customer
please address the appropriate (local) CERT/security-team).
CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).
Email: cert-nl@surfnet.nl ATTENDED REGULARLY ALL DAYS
Phone: +31 302 305 305 BUSINESS HOURS ONLY
Fax: +31 302 305 329 BUSINESS HOURS ONLY
Snailmail: SURFnet bv
Attn. CERT-NL
P.O. Box 19035
NL - 3501 DA UTRECHT
The Netherlands
NOODGEVALLEN: 06 22 92 35 64 ALTIJD BEREIKBAAR
EMERGENCIES : +31 6 22 92 35 64 ATTENDED AT ALL TIMES
CERT-NL'S EMERGENCY PHONENUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES:
THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED*
PROCEDURE FOR DEALING WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT
TO CERT-NL IN AN APPROPRIATE MANNER. CERT-NL WILL THEN CONTACT YOU.
===============================================================================
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i
iQA/AwUBOL6ISjSYjBqwfc9jEQIN3wCcCJvKYCUB7iqNaT/9aP3qGH8czPUAoPAl
zty5CofKXIyQl5we5OCMwu73
=qGoK
-----END PGP SIGNATURE-----