Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 25 Jun 1996 09:55:12 +1000
From:      Danny Smith <danny@auscert.org.au>
To:        "Jordan K. Hubbard" <jkh@time.cdrom.com>
Cc:        guido@gvr.win.tue.nl (Guido van Rooij), hackers@freebsd.org, security@freebsd.org, ache@freebsd.org
Subject:   Re: No comment character in hosts.equiv
Message-ID:  <199606242355.JAA29733@amethyst.auscert.org.au>
In-Reply-To: Your message of "Sun, 23 Jun 1996 23:29:30 MST." <10326.835597770@time.cdrom.com> 

next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----

Content-Type: text/plain; charset=us-ascii

(Note the change of subject line!)

"Jordan K. Hubbard" writes:

> Hmmm.  We have reason to believe that he *didn't* get root (though
> we're still assuming he did, just to be paranoid) and if the mod times
> can be trusted, hosts.equiv hasn't been touched in many months (and
> localhost is commented out).
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

There is no comment character in either the hosts.equiv file or the 
.rhosts file.  Use of this may allow someone to spoof DNS and gained 
trusted access.

Check out the code relating to calls to ruserok().

This is clearly detailed in the AUSCERT Unix Security Checklist which can 
probably be obtained from a mirror site near you (access to the AUSCERT 
ftp server has been temporarily restricted due to funding shortages).

Danny Smith.

==========================================================================
 Danny Smith                      |  Fax:    +61 7 3365 4477
 AUSCERT                          |  Phone:  +61 7 3365 4417
 c/- Prentice Centre              |  (answered during business hours)
 The University of Queensland     |  (on call after hours for emergencies)
 Qld.  4072.  Australia           |  Internet:  auscert@auscert.org.au



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Finger pgp@ftp.auscert.org.au to retrieve AUSCERT's public key

iQCVAwUBMc+3fSh9+71yA2DNAQECawP7B/jmCyZN6NgANUku2wFcnJ+6DyxCPTYP
QsORkyWfs79PKqItgx3XLO4CpBT0YXNUC6Q2TKwopSrj0mn1gX4+zJKGImWGAE0s
5DUM8XBenfU/+rxAltPiFvneORPbTGg9wZaSlAVISuxTJH7T8LghIiPFw58oELcY
WbetUnf1G7w=
=mEVx
-----END PGP SIGNATURE-----



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606242355.JAA29733>