I compiled the program below QuadFat under NS 3.3pl1. I know nothing else about it except that it is supposed to fix the CERT advisory. Despite what the manpage says, there is no Kerberos support in this version.

From: distler@golem.ph.utexas.edu (Jacques Distler)
Subject: Re: Patched rlogin source? -- Re: CERT Advisory CA-97.06 - Vulnerability in rlogin/term
Date: Fri, 07 Feb 1997 21:13:09 -0600
Newsgroups: comp.sys.next.sysadmin
To: comp-sys-next-sysadmin@antigone.com

In article <5dfuu0$7mo@agate.berkeley.edu>, izumi@pinoko.berkeley.edu wrote:

>Could someone upload source+binary for "rlogin" that fixes the following
>security bug to FTP sites (and let us know)?
>
>For those systems that are running NS/OS versions < 4.1.
>

The source code for the FreeBSD2.2 version of "rlogin", hacked to compile and run under NS (tested on 3.3 for HPPA) can be found at

You will find both the original FreeBSD source, and my (very minor) modifications. Just do a "diff" to see what I changed. To build it, you should be able to simply type "make".

Note, I did NOT bother to get the Kerberos support, available under the FreeBSD version of "rlogin", to work. I expect it is probably not too hard, should anyone like to try.

Note, too, that rlogin must be installed setuid root.

Now that you've had fun with "rlogin", anyone care to tackle replacing "rpc.rstatd" (NS <4.0 vulnerable, according to CERT Advisory CA-96.09), or "talkd" (CA-97.04).

Jacques Distler

----------------------------------------------------------------