Slashdot Mirror

← Back to Stories (view on slashdot.org)

Solaris, AIX Login Hole

Posted by michael on from the still-another-reason-not-to-use-telnet dept.

An anonymous submitter sent in: "A CERT Advisory describes a buffer overflow vulnerability in implementations of login derived from System V, which includes among Solaris 8 and earlier and AIX 4.3/5.1. "An exploit exists and may be circulating." Vendors are testing fixes." There's a Reuters story as well.

2 of 267 comments (clear)

  1. Re:See, Unix has problems too now. by vinnythenose · · Score: 3, Redundant

    Acutally it's been known for a long time that telnet and rlogin are insecure. The effort has been to shift people to secure methods such as OpenSSH for those things. For the most part any sysadmin that has been using telnet and rlogin is probably too lazy to switch. I worked under a sysadmin for a while and it took months of pushing to get him to start implemting SSH across the board.

    --
    --- I used to moderate, then I read the -1 articles and decided having to filter through them was not worth it.
  2. I must be missing something by overshoot · · Score: 2, Redundant

    This affects systems with telnet or rlogin accessible from the Internet? The implication is that these were somehow not vulnerable without this buffer overrun.
    News to me.

    --
    Lacking <sarcasm> tags, /. substitutes moderation as "Troll."