http://xforce.iss.net/static/7284.php
this overflow in login can be exploited remotly when telnet or rlogin is used ..
it affects
AIX 4.3
AIX 5.1
Solaris 8 and earlier
hmm .. i wonder if anybody is still opening telnet , rlogin to the open world .. this also proofes that the comercial unices arent more secure than linux ..
Unfortunatly lots of companies still have telnetd running to the outside world. I don't even know why people want it to be running on the inside as sshd is a better replacement.
I run telnetd. Why? *Because at my school they block port 22, but not 23. *I tried to convince them to open port 22, but they didn't want to (Windows network, I guess it was too big a riskUnfortunatly lots of companies still have telnetd running to the outside world. I don't even know why people want it to be running on the inside as sshd is a better replacement.) Also, telnetd-ssl uninstalled sshd so it's not a possibility.*So in order to connect to my box, I telnet into my gateway and then ssh into my workstation. *And no, I don't feel like changing the port.
This is exactly the type of thing that GNU is great at fixing. Commercial unices do have their perks too though. I believe if you code on Solaris, there are builtin libraries that you can use to prevent buffer overflow exploits. I guess it just wasn't used in login
???????
So in order to connect to my box, I telnet into my gateway and then ssh into my workstation. *And no, I don't feel like changing the port.
you run telnet to connect from school to your home gateway and then once on the gateway use ssh to hit your workstation?
am i understanding this correctly?
Posting Permissions
Reply With Quote
Bookmarks