Remote Login on the Internet
Impact
This vulnerability allows malicious remote users to gain shell access to a
target system without ever being prompted for a password.
Background
The rlogin service allows remote users, using an rlogin
client, to log on to an rlogin server without the need
for a password. The rlogin process is similar to telnet, in
that it gives users shell access to a remote computer. But, unlike telnet,
rlogin does not prompt the user for a username (although, in most cases, the
user is prompted for a password). The rlogin process uses
the .rhosts file to list trusted hosts (those machines allowed to use the service). If the
.rhosts file is not configured properly, it is possible for a hacker to gain
access to a target machine, via the rlogin process, without being
prompted for a password.
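A way to check for the misconfiguration described above, as an added example that is not part of the original page: the script flags .rhosts or hosts.equiv entries that use the "+" wildcard, which trusts any host or any remote user, and files that others can write to. The function names, the sample entries and the treatment of "#" as a comment marker are assumptions made for the illustration.

```python
"""Audit .rhosts / hosts.equiv content for entries that trust too broadly."""
import os
import stat


def audit_rhosts_text(text):
    """Return (line_number, entry, reason) tuples for risky entries."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not entry:
            continue
        fields = entry.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        if host.startswith("-"):
            continue  # explicit deny entry, not a grant of trust
        if host == "+":
            findings.append((number, entry, "any host is trusted"))
        elif host.startswith("+@"):
            findings.append((number, entry, "a whole netgroup is trusted"))
        if user == "+":
            findings.append((number, entry, "any remote user is trusted"))
    return findings


def audit_rhosts_file(path):
    """Audit one file on disk, also checking for loose write permissions."""
    findings = []
    mode = os.stat(path).st_mode
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append((0, path, "file is writable by group or others"))
    with open(path, encoding="utf-8", errors="replace") as handle:
        findings.extend(audit_rhosts_text(handle.read()))
    return findings


# Constructed sample entries, not taken from a real system.
SAMPLE = """\
trusted.example.com alice
+ +
+ bob
build.example.com +
-badhost.example.com
"""

if __name__ == "__main__":
    for number, entry, reason in audit_rhosts_text(SAMPLE):
        print(f"line {number}: {entry!r}: {reason}")
```

Run audit_rhosts_file against /etc/hosts.equiv and each user's ~/.rhosts; a finding with line number 0 refers to the file's permissions rather than to an entry.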
The Problem
This vulnerability allows unauthorized, untrusted users to gain shell
access to a target machine without being prompted for a password. In
other words, hackers exploiting this vulnerability can gain access to a
target machine as a trusted user and then delete system files, change
configuration files and generally wreak havoc on the target machine. Another
problem with this service is that even when passwords are prompted for, they
are transmitted in the clear (in other words, they are sent to and from the
machine unencrypted), so that any hacker using a password sniffer program
can "grab" them and then access the target system as a trusted user.
Resolution
One fix for this vulnerability is to disable the rlogin
service. If that is not practical, then risks may be minimized by using
an encrypted version, such as Kerberos. Or, you may use TCP wrappers to
help secure your network.
Where can I read more about this?
Search your system's man pages for more information on the rlogin
service.