
rlogin security hole in hpux 11.00.

 
Raul_10
Occasional Contributor


I've got a customer who is disabling a user by typing an * in the passwd field of /etc/passwd, and when he enables another host in the .rhosts of this user's $HOME directory to access the machine with rcommands, he discovers (Oh Surprise!) that he can log in from that server, without passwd confirmation of course.

This happens only on his 11.00 L2000 and N4000 machines; on 10.20 machines he gets the message "account disabled", which I think is what he should get.

I've searched kmine for this sec hole, and I've found that some patches for very old HP-UX releases introduced this same problem, but it was resolved in 10.20. Is it possible that we have introduced this gap again?

Does anybody else have this problem?

Thanks
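
An audit for the condition described in the post above, as an added example that is not part of the original thread: it lists accounts whose passwd field is `*` but whose home directory still holds a `.rhosts` file with entries. The function names, the optional root-prefix argument (for checking an offline copy of a system) and the fixture accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: find_locked_with_rhosts PASSWD_FILE [ROOT_PREFIX]
# ROOT_PREFIX is an assumption of this example: it is prepended to each home
# directory so that a copied or mounted file tree can be audited.
find_locked_with_rhosts() {
    passwd_file=$1
    root=${2:-}
    while IFS=: read -r user pw uid gid gecos home shell; do
        case $user in ''|'#'*) continue ;; esac
        [ "$pw" = "*" ] || continue          # only accounts "disabled" with *
        rhosts="$root$home/.rhosts"
        [ -f "$rhosts" ] || continue
        # Count lines that are neither blank nor '#' comments.
        entries=$(grep -c -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$rhosts" || true)
        [ "$entries" -gt 0 ] || continue
        wildcard=no                          # a leading "+" trusts any host
        grep -q '^[[:space:]]*+' "$rhosts" && wildcard=yes
        printf '%s %s entries=%s wildcard=%s\n' "$user" "$rhosts" "$entries" "$wildcard"
    done < "$passwd_file"
}

# Constructed sample tree: alice is the case from the post, bob has no
# .rhosts, carol is not disabled, dave's .rhosts holds only a comment.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/home/alice" "$d/home/bob" "$d/home/carol" "$d/home/dave"
    cat > "$d/etc/passwd" <<'EOF'
alice:*:101:20::/home/alice:/usr/bin/sh
bob:*:102:20::/home/bob:/usr/bin/sh
carol:constructedhash:103:20::/home/carol:/usr/bin/sh
dave:*:104:20::/home/dave:/usr/bin/sh
EOF
    echo 'otherhost alice' > "$d/home/alice/.rhosts"
    echo 'otherhost carol' > "$d/home/carol/.rhosts"
    echo '# nothing trusted' > "$d/home/dave/.rhosts"
    echo "$d"
}

fixture=$(make_fixture)
find_locked_with_rhosts "$fixture/etc/passwd" "$fixture"   # reports alice only
rm -rf "$fixture"
```

On a live system the call would be `find_locked_with_rhosts /etc/passwd`; each reported account needs its `.rhosts` removed or emptied in addition to the `*` in the passwd field.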