rlogin -froot Remote Root Access

This script is Copyright (C) 2002-2012 Tenable Network Security, Inc.

Synopsis :

It is possible to connect to this host as 'root' without a password.

Description :

The remote /bin/login seems to be affected by a 'forced root login'
vulnerability. By attempting to connet via rlogin and forcing it to
use the root account (rlogin -froot), any attacker may use this flaw
to gain remote root access on this system.

Solution :

Upgrade your /bin/login, or comment out the 'rlogin' line in
/etc/inetd.conf and restart the inetd process

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 10.0
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 10161 ()

Bugtraq ID: 458

CVE ID: CVE-1999-0113