Message-ID: <45D4BAA7.3040603@joebeasley.org>
Date: Thu, 15 Feb 2007 13:55:19 -0600
From: Joe Beasley <securityadmin@...beasley.org>
To: Darren Reed <avalon@...igula.anu.edu.au>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Solaris telnet vulnerability - how many on your network?
Darren Reed wrote:
> In some mail from Joe Shamblin, sie said:
>
>> How about just uncommenting the following from /etc/default/login
>>
>> # If CONSOLE is set, root can only login on that device.
>> # Comment this line out to allow remote login by root.
>> #
>> CONSOLE=/dev/console
>>
>> Not a fix to be sure, but at least prevents a remote login.
>>
>
> This only controls access to the account known as root.
>
> I'll wager that there are other accounts you could use this
> to get access to (that you shouldn't be able to) which could
> lead to various sorts of security issues.
>
> Darren
>
You can log in with any account in /etc/passwd. I logged in as "bin" to
one of my boxes.
We don't allow root, so that did not work.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
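An added example, not written by anyone in this thread: a small POSIX sh audit of the point made above, that CONSOLE= in /etc/default/login restricts only root while every other /etc/passwd account is left untouched. The function names, the shell-suffix heuristic and the sample files are constructed assumptions.

```shell
#!/bin/sh
# Added example: how far does CONSOLE= in /etc/default/login reach?
# Function names and sample data are constructed for illustration.

# Print the active (uncommented) CONSOLE value; prints nothing if unset.
console_setting() {
    awk '/^CONSOLE=/ { v = substr($0, 9) } END { if (v != "") print v }' "$1"
}

# List name:uid:shell for non-root passwd entries that still have a login
# shell. An empty shell field means the system default shell, so it counts.
# Heuristic (assumption): shells ending in nologin/false are treated as disabled.
uncovered_accounts() {
    awk -F: '$1 != "root" && $1 !~ /^[#+-]/ && NF >= 7 {
        sh = ($7 == "") ? "(default)" : $7
        if (sh !~ /(nologin|false)$/) print $1 ":" $3 ":" sh
    }' "$1"
}

audit() {   # usage: audit LOGIN_DEFAULTS PASSWD
    c=$(console_setting "$1")
    if [ -n "$c" ]; then
        echo "CONSOLE=$c: root restricted to that device"
    else
        echo "CONSOLE unset: root may log in remotely"
    fi
    echo "Accounts CONSOLE does not restrict:"
    uncovered_accounts "$2" | sed 's/^/  /'
}

# Constructed sample files so the example runs offline.
tmp=$(mktemp -d)
cat > "$tmp/login" <<'EOF'
# If CONSOLE is set, root can only login on that device.
# Comment this line out to allow remote login by root.
#
CONSOLE=/dev/console
EOF
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
svc:x:101:10:constructed service account:/:/usr/bin/false
alice:x:100:10:constructed user:/export/home/alice:/bin/ksh
EOF
audit "$tmp/login" "$tmp/passwd"
```

On a real host, call `audit /etc/default/login /etc/passwd` instead of the sample paths.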