For mgetty users with non-trusted shell logins

Robert Canary (rwcanary@mail.lig.bellsouth.net)
Wed, 27 Jan 1999 00:20:48 -0600

Messages sorted by:[ date ][ thread ][ subject ][ author ]

Hi,

Gert Doering wrote:

> Hi,
>
> On Tue, Jan 26, 1999 at 06:42:39PM +0100, l41484@alfa.ist.utl.pt wrote:
> > > Basically, this IS the "rlogin" trick.
> >
> > Although i'm not familiar with other technologies and i maybe shooting in
> > the darking, but there are other ways, things like DEC LAT. No?
>
> Correct.  It boils down to: "if there is something under /dev that you
> can open to directly talk to the modem, chances are high that you ARE
> vulnerable, regardless where your modem is physically connected to".
>
> This means that terminal servers that present the modem transparently
> via TCP/IP as a /dev/tty<something> ARE quite likely vulnerable.  AIX
> terminal servers come to my mind, they work just great with mgetty,
> and hardly otherwise...
>
> If there's no /dev/whatever, and modems connections are kind of
> "one-way", you aren't vulnerable.

I don't see how it is possible *not* to have a ttyXx or cuaX under /dev.
mgetty+sendfax config revolves around those devices.  So is this a
teaser or
can it be done?

--
robert