Subject: security/9673: inetd.conf has "login" and "shell" default on
To: None <gnats-bugs@gnats.netbsd.org>
From: Erik E. Fair <fair@digital.clock.org>
List: netbsd-bugs
Date: 03/25/2000 12:33:06
>Number:         9673
>Category:       security
>Synopsis:       inetd.conf has "login" and "shell" default on
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    security-officer (NetBSD Security Officer)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Mar 25 12:33:00 2000
>Last-Modified:
>Originator:     Erik E. Fair
>Organization:
International Organization of Internet Clock Watchers
>Release:        1.4.2
>Environment:
	
System: NetBSD digital.clock.org 1.4.2_ALPHA NetBSD 1.4.2_ALPHA (DIGITAL) #10: Mon Jan 10 22:38:56 PST 2000 fair@doomsday.clock.org:/usr/obj/sys/arch/alpha/compile/DIGITAL alpha


>Description:
	/etc/inetd.conf as distributed by NetBSD has "login" (rlogin),
	and "shell" (rsh) services turned on by default.

	Given that the main authentication mechanism of these two protocols
	(.rhosts) is known to be weak, these should be off by default.
>How-To-Repeat:
	
>Fix:
	
>Audit-Trail:
>Unformatted:
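
Added example (not part of the original report and not NetBSD's own tooling): a shell check that flags uncommented "login" and "shell" entries in an inetd.conf-style file. The function names and the sample file are constructed for illustration, and stripping an optional "listen-addr:" prefix from the service name is an assumption about the inetd.conf syntax in use.

```shell
#!/bin/sh
# Added example: flag r-services left enabled in an inetd.conf-style file.

# Print "service server-program" for each uncommented login/shell entry.
enabled_rservices() {
    awk '
        /^[ \t]*#/ || NF < 6 { next }   # skip comments, blanks, malformed lines
        {
            svc = $1
            sub(/^.*:/, "", svc)        # assumption: optional "listen-addr:" prefix
            if (svc == "login" || svc == "shell")
                print svc, $6
        }
    ' "$1"
}

# Report findings; return 1 if rlogin or rsh is enabled, 0 otherwise.
audit_inetd_conf() {
    found=$(enabled_rservices "$1")
    if [ -z "$found" ]; then
        echo "OK: login and shell are not enabled in $1"
        return 0
    fi
    printf '%s\n' "$found" | while read -r svc prog; do
        echo "ENABLED: $svc ($prog) in $1"
    done
    return 1
}

# Constructed sample file (not the shipped NetBSD inetd.conf).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# service  socket  proto  wait    user  server-program        arguments
ftp        stream  tcp    nowait  root  /usr/libexec/ftpd     ftpd -ll
shell      stream  tcp    nowait  root  /usr/libexec/rshd     rshd -L
#login     stream  tcp    nowait  root  /usr/libexec/rlogind  rlogind -L
10.0.0.1:login stream tcp nowait  root  /usr/libexec/rlogind  rlogind
EOF

audit_inetd_conf "$sample" || echo "r-services need to be commented out"
```

After commenting out any flagged lines, inetd has to re-read its configuration (it does so on SIGHUP) before the change takes effect.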