[yellowdog-security] SECURITY: rsh

Subject: [yellowdog-security] SECURITY: rsh
From: Dan Burcaw (dburcaw@terraplex.com)
Date: Mon Oct 18 1999 - 16:46:20 MDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Dan Burcaw: "[yellowdog-security] SECURITY: lpr"
• Previous message: Dan Burcaw: "[yellowdog-security] UPDATE: pam (pluggable authentication modules)"

The Yellow Dog Linux Security Team has just released an update to rsh
(remote shell) package.

Package: rsh
Date: October 18, 1999
Problem:
Due to a PAM misconfiguration of rsh (remote shell), rlogin allows you to
log in, even if /etc/nologin exists.
                             
Champion Server ships with most services (/etc/inetd.conf), including rsh
and rlogin, disabled for enhanced system sercurity. This upgrade is not
necessary if you do not use rsh/rlogin.
                             
Urgency: MEDIUM
Solution: rpm -Uvh
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.1/RPMS/rsh-0.10-28a.ppc.rpm

For more information, see our Errata and Updates web page:
http://www.yellowdoglinux.com/resources/errata.shtml

Yellow Dog Linux Security Team
Terra Soft Solutions, Inc.
security@yellowdoglinux.com

• Next message: Dan Burcaw: "[yellowdog-security] SECURITY: lpr"
• Previous message: Dan Burcaw: "[yellowdog-security] UPDATE: pam (pluggable authentication modules)"

This archive was generated by hypermail 2a24 : Tue Nov 02 1999 - 16:21:15 MST