rlogin is a remote login protocol used to access Unix systems. Some implementations of rlogin allow root access if given a -froot parameter, which can be exploited by attackers to gain unauthorized access to the system.
rlogin is a remote login protocol used to access Unix systems. Some implementations of rlogin allow root access if given a -froot parameter, which can be exploited by attackers to gain unauthorized access to the system.
You're affected if you use rlogin versions prior to 2.5.1. To check if your system is vulnerable, run the command rlogin -v and look for the output indicating that root access is allowed without a password.
To fix this vulnerability, upgrade to rlogin version 2.5.1 or later. You can download the patched version from the GNU Project website: https://www.gnu.org/software/rlogin/rlogin-2.5.1.tar.gz. Alternatively, you can use the following command to update your system:
sudo apt-get install rlogin=2.5.1
If an upgrade isn't possible immediately, set the RLOGIND_PASSWORD environment variable to prevent root access from being granted without a password.