From owner-freebsd-security Sun Aug 4 20:18:35 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id UAA13992 for security-outgoing; Sun, 4 Aug 1996 20:18:35 -0700 (PDT)
Received: from www.sbq.org.br (sbq.sbq.org.br [143.108.1.102]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id UAA13987 for ; Sun, 4 Aug 1996 20:18:29 -0700 (PDT)
Received: (from sbqadm@localhost) by www.sbq.org.br (8.6.12/FreeBSD2.1/8.6.12/SBQ) id AAA04628 for security@freebsd.org; Mon, 5 Aug 1996 00:20:29 GMT
From: "Sociedade Brasileira de Quimica/Admin"
Message-Id: <199608050020.AAA04628@www.sbq.org.br>
Subject: rlogin vulnerability?
To: security@freebsd.org
Date: Mon, 5 Aug 1996 00:20:29 +0000 ()
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hello

Sorry if this is a very stupid question, but someone from the Linux camp told me FreeBSD may be vulnerable, also, to the following Linux security hole:

>From: "Alexander O. Yuriev"
To: linux-security@tarsier.cv.nrao.edu
Cc: linux-alert@tarsier.cv.nrao.edu
Subject: [linux-alert] LSF Update#11: Vulnerability of rlogin
Date: Tue, 30 Jul 1996 18:11:00 -0400

[...]

=============================================================================

ABSTRACT

A vulnerability exists in the rlogin program of NetKitB-0.6. This vulnerability affects several widely used Linux distributions, including RedHat Linux 2.0, 2.1 and derived systems including Caldera Network Desktop, Slackware 3.0 and others. This vulnerability is not limited to Linux or any other free UNIX systems. Both the information about this vulnerability and methods of its exploit were made available on the Internet.

RISK ASSESSMENT

Local and remote users could gain super-user privileges

Looking at the diff between the patched Netkit and the previous one, the guy found things like:

ping.c - pr_addr(l)
998c998 < (void)sprintf(buf, "%s", inet_ntoa(*(struct in_addr *)&l)); --- > (void)snprintf(buf, 75, "%s", inet_ntoa(*(struct in_addr *)&l));1000c1000 < (void)sprintf(buf, "%s (%s)", hp->h_name, --- > (void)snprintf(buf, 75, "%s (%s)", hp->h_name,

as FreeBSD (2.1.0 at least) has the same code for pr_addr(l) he concluded it has the same vulnerability.

Thanks for any info on this

Pedro
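
Review bot: the bound 75 in the snprintf call at 998c998 is a bare literal, and the declaration of buf is not part of the hunk, so nothing shown here ties the number to the buffer's real size. If buf is an array in scope, write snprintf(buf, sizeof(buf), "%s", ...) so the limit follows the declaration. For this particular call the exposure is small in either form, because inet_ntoa returns a dotted-quad string of at most 15 characters.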
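
Review bot: the call at 1000c1000 formats hp->h_name, whose length is not limited by anything visible in the hunk, and the hunk is cut off after that first argument, so the rest of the call cannot be checked. This is the call where the bound matters: it should use sizeof(buf) rather than the literal 75, and since the (void) cast discards snprintf's return value, a long name is now silently truncated. That is acceptable for a display string, but a short comment saying truncation is intended would help the next reader.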