Telnet "froot" attack: back to the future 1994 with AIX

Remember the Solaris telnet bypass vulnerability? This security flaw allows anyone to bypass the authentication mechanism just by supplying some parameters.

Information and exploit are here

Exploiting this breach is very simple, and it reminds me of something I used in my earlier days, when I started playing with exploits.

This vulnerability was about a bug in rlogin that affected AIX 3.1 and AIX 3.2.
As far as I can remember, this was posted in the great Linux USENET admin group in 1994 (old memories, guys, eh!!!). I was then 20 years old.

The attack was performed using the same technique:
rlogin -froot target

Info about this "oldie" attack here
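
Both bugs come down to a client-supplied user name that starts with `-f` reaching login(1) as an option, where `-f` means "this user is already authenticated". As an added example (not from the original post or from any vendor patch), here is a daemon-side check in C that rejects such names and separates options from operands. The function names, the 32-character limit and the assumption that the login program honours the conventional `--` end-of-options marker are illustrative.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MAX_NAME 32   /* assumed upper bound on a login name */

/* Return 1 if the remote-supplied name may be handed to login(1), else 0. */
int is_safe_login_name(const char *name)
{
    size_t i, len;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > MAX_NAME)
        return 0;
    /* A leading '-' would be parsed by login as an option, e.g. "-froot". */
    if (name[0] == '-')
        return 0;
    /* Allow-list of characters; anything else (spaces, control bytes) is refused. */
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(isalnum(c) || c == '_' || c == '.' || c == '-'))
            return 0;
    }
    return 1;
}

/*
 * Build the argument vector a remote-login daemon would exec.
 * Returns the number of entries before the NULL, or -1 if the name is refused.
 */
int build_login_argv(const char *remote_user, const char *argv[4])
{
    if (!is_safe_login_name(remote_user))
        return -1;
    argv[0] = "login";
    argv[1] = "--";          /* everything after this is an operand, never an option */
    argv[2] = remote_user;
    argv[3] = NULL;
    return 3;
}
```

The validation and the `--` marker are independent layers: either one alone stops the name from being read as `-f`.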

It was so funny to see that 13 years later, this kind of attack works again on sophisticated and secured systems.

Nabil OUCHN