2002104

	rlogin TERM overflow
advICE :Intrusions : 2002104

FAQ

Oh my gosh, I'm being HACKED!!!

How do I report the hacker to my ISP?

I'm seeing lots of attacks, is this normal?

Summary
An attempt has been made to overflow the TERM field during the rlogin connection sequence.
Details
The rlogin protocol is designed to seamlessly login from one machine to another. In order to accomplish this feat, it must transfer information about the users terminal type. This is sent within a specific field within the rlogin protocol.
Some implementations of rlogin have a bug where they do not validate the contents of this field. This leads to a standard buffer overflow condition.

more information

advICE: Buffer overflows: More about this general class of attacks, which is the root cause of many attacks on the Internet.
rlogin exploits
BugtraqID: 242 Multiple Vendor rlogin Vulnerability
CERT: CA-97.06.rlogin-term Vulnerability in rlogin/term
CVE-1999-0046 Buffer overflow of rlogin program using TERM environmental variable

parametric information

length The length of the password; if it is longer than a few hundred characters, then it may be a buffer overflow attempt.

configuration for this item

login.maxpass 100 The maximum length of a password.

 
Version appeared:

rlogin TERM overflow