• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

AIX login(1) Vulnerability

Solution:
IBM has made the following APAR available to address this problem:

AIX 3.X
---------
APAR # IX44254

Furthermore, this install script for the patch was posted to the Bugtraq mailing list by H Morrow Long <long-morrow@cs.yale.edu> Mon, 23 May 1994.

#!/bin/sh
#
# H. Morrow Long, Yale CSCF
#
# Version "tsm-3.2.0".
AIX_VERSION="tsm-3.2.0"
#
# Patch path directory /cs/local/src/AIX/rlogin/
AIX_PATCH_DIR="/cs/local/src/AIX/rlogin"

AIX_TSM_PATCH="$AIX_PATCH_DIR/$AIX_VERSION"

# Root should NOT be allowed to rlogin as user ROOT anyway! DISABLE root rlogin
#
chuser rlogin='false' root
#
#
# 1. As root, edit /etc/inetd.conf
# Comment out the line 'login ... rlogin'

sed 's/^login/# login/' /etc/inetd.conf > /tmp/inetd.conf.NEW
cp -p /etc/inetd.conf /etc/inetd.conf.BACKUP
cp /tmp/inetd.conf.NEW /etc/inetd.conf

# 2. Run 'inetimp'
inetimp
# 3. Run 'refresh -s inetd'
refresh -s inetd
#
#
#
# APAR IX44254 -- rlogin security hole
#
# This document describes how to apply the emergency patch for APAR
# IX44254. This emergency patch is not the permanent solution to this
# problem, it merely provides a means to restore rlogin functionality
# in a more secure manner.
#
# Begin by identifying the correct level for your system. The command
# "oslevel" may be used for this purpose on AIX v3.2 systems. For AIX
# v3.1 systems you must know the last maintenance level which was
# applied.
#
# If the "oslevel" command returns "oslevel: not found" or a similar
# message from the shell, you must use "tsm-3.2.0".
#
# If the "oslevel" command returns "<3240" or "<>3240", you must use
# "tsm-3.2.0".
#
# If the "oslevel" command returns "=3240", ">3240", "<3250" or "<>3250",
# you must use "tsm-3.2.4".
#
# If the "oslevel" command returns "=3250" or ">3250", you must use
# "tsm-3.2.5".
#
#
# Once you have determined the correct version, execute the following
# steps.
#
# 1). "cd /usr/sbin"
cd /usr/sbin
# 2). If the file "tsm.ix44254" does not exist, execute "mv tsm tsm.ix44254"
mv tsm tsm.ix44254
# 3). "cp <version> tsm" where "<version>" was figured out above.
# "tsm-3.2.0".

# cp /cs/local/src/AIX/rlogin/tsm-3.2.0 ./tsm
cp "${AIX_TSM_PATCH}" ./tsm

# 3). "rm -f login getty"
rm -f login getty
# 4). "chown root.security tsm"
chown root.security tsm
# 5). "chmod 4554 tsm"
chmod 4554 tsm
# 6). "ln tsm login"
ln tsm login
# 7). "ln tsm getty"
ln tsm getty
# 8). "chmod a-x tsm.ix44254"
chmod a-x tsm.ix44254
#

cp -p /etc/inetd.conf.BACKUP /etc/inetd.conf

# 2. Run 'inetimp'
inetimp
# 3. Run 'refresh -s inetd'
refresh -s inetd
#

#
# You may verify that the new login command is working correctly with the
# command
#
# rlogin localhost
rlogin localhost