Bugtraq mailing list archives
rshd gives away usernames
From: dholland () EECS HARVARD EDU (David Holland)
Date: Fri, 13 Jun 1997 07:17:11 -0400

Try 'rsh victimhost -l realuser' and 'rsh victimhost -l nosuchuser'.
The error reported is different.

Therefore, it's possible to determine which account names are valid.

This is an issue only for particularly paranoid sites that probably
already have rshd disabled, but I thought it would be worth issuing a
warning anyway.

A cursory investigation of some local machines showed the following:

Affected: Linux, NetBSD, Digital Unix 4.0
Not affected: HP-UX, Solaris

Linux's rsh client also seems to have a bug where the second of the
above cases prints random error strings. This will all be fixed in the
next release (unfortunately, not yesterday's release...)

--
- David A. Holland | VINO project home page:
dholland () eecs harvard edu | http://www.eecs.harvard.edu/vino
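
An added illustration, not part of the original post and not rshd source code: the two reply shapes the message contrasts (a distinct error per failure reason versus one error for every failure), with a regression check that flags the first. The account table, function names and message texts are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed account table standing in for the password database and the
 * per-user remote-host authorisation check; not real data. */
struct account { const char *name; int remote_ok; };
static const struct account accounts[] = { { "alice", 1 }, { "bob", 0 } };

static const struct account *lookup(const char *name) {
    for (size_t i = 0; i < sizeof accounts / sizeof accounts[0]; i++)
        if (strcmp(accounts[i].name, name) == 0)
            return &accounts[i];
    return NULL;
}

/* Leaky shape: each failure reason gets its own client-visible message.
 * Returns NULL on success. Message texts are illustrative. */
const char *auth_leaky(const char *user) {
    const struct account *a = lookup(user);
    if (a == NULL)
        return "No such account.\n";
    return a->remote_ok ? NULL : "Permission denied.\n";
}

/* Uniform shape: the reason goes to the server-side log only (stderr here),
 * and the client sees one message for every failure. */
const char *auth_uniform(const char *user) {
    const struct account *a = lookup(user);
    if (a != NULL && a->remote_ok)
        return NULL;
    fprintf(stderr, "auth failure for '%s': %s\n", user,
            a ? "remote host not authorised" : "unknown account");
    return "Permission denied.\n";
}

/* Regression check: 1 if a rejected existing account and a missing account
 * get different replies, 0 if identical, -1 if either one was accepted. */
int leaks_usernames(const char *(*auth)(const char *),
                    const char *rejected_user, const char *missing_user) {
    const char *r = auth(rejected_user), *m = auth(missing_user);
    if (r == NULL || m == NULL)
        return -1;
    return strcmp(r, m) != 0;
}

int main(void) {
    printf("leaky=%d uniform=%d\n",
           leaks_usernames(auth_leaky, "bob", "nosuchuser"),
           leaks_usernames(auth_uniform, "bob", "nosuchuser"));
    return 0;
}
```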
