For mgetty users with non-trusted shell logins

Gert Doering (gert@greenie.muc.de)
Wed, 27 Jan 1999 16:56:37 +0100

Messages sorted by:[ date ][ thread ][ subject ][ author ]

Hi,

On Wed, Jan 27, 1999 at 07:16:56AM +0100, Marc SCHAEFER wrote:
> Gert Doering <gert@greenie.muc.de> wrote:
> > This means that terminal servers that present the modem transparently
> > via TCP/IP as a /dev/tty<something> ARE quite likely vulnerable.  AIX
> > terminal servers come to my mind, they work just great with mgetty,
> > and hardly otherwise...
> 
> Well, yes and no. No if when the modem hangups OR when the local system
> requests hangups the link between the TCP port and the modem is broken
> till next call.

Yes, it works only if the connection works /dev/ -> modem, even if no
incoming call is active.

> Do you know the details of the AIX/terminal server implementation ?
> Isn't it just the ``rlogin trick'' also and thus not vulnerable ?

No, the /dev/tty<x> is *hardwired* via a special device driver to 
"terminal server <a>, port <b>".  So you can use this for dialout, and
there is a mgetty listening on this /dev/tty<x> device for answer ->
I'm fairly sure it works.

gert

-- 
Gert Doering
Mobile communications ... right now writing from *AWAY* :-)) 
... mobile phone: +49 177 2160221 ... or mail me:  gert@greenie.muc.de