From packrat@fenrus.rattus.uwa.edu.au  Sat Aug  3 11:28:05 1996
Received: from uniwa.uwa.edu.au (root@uniwa.uwa.edu.au [130.95.128.1])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id LAA28178
          for <FreeBSD-gnats-submit@freebsd.org>; Sat, 3 Aug 1996 11:28:03 -0700 (PDT)
Received: from fenrus.rattus.uwa.edu.au ([130.95.62.101]) by uniwa.uwa.edu.au (8.6.11/8.6.9) with ESMTP id CAA23547 for <FreeBSD-gnats-submit@freebsd.org>; Sun, 4 Aug 1996 02:27:53 +0800
Received: (from packrat@localhost) by fenrus.rattus.uwa.edu.au (8.7.5/8.7.3) id CAA00739; Sun, 4 Aug 1996 02:16:46 +0800 (WST)
Message-Id: <199608031816.CAA00739@fenrus.rattus.uwa.edu.au>
Date: Sun, 4 Aug 1996 02:16:46 +0800 (WST)
From: packrat@iinet.net.au
Reply-To: packrat@iinet.net.au
To: FreeBSD-gnats-submit@freebsd.org
Subject: Incorrect address binding of Kerberized rlogin
X-Send-Pr-Version: 3.2

>Number:         1461
>Category:       bin
>Synopsis:       Incorrect address binding of Kerberized rlogin
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Aug  3 11:30:01 PDT 1996
>Closed-Date:    Thu Aug 10 11:21:07 PDT 2000
>Last-Modified:  Thu Aug 10 11:25:00 PDT 2000
>Originator:     Bruce Murphy
>Release:        FreeBSD 2.2-960801-SNAP i386
>Organization:
>Environment:

Machine used as a firewall between a private network 192.168.1.x and a
full internet network

>Description:

The bound address of the socket obtained by the kerberized rlogin
program is that of either the primary interface or the interface
containing the default route, not the interface which actually emits the
packets.

>How-To-Repeat:

One internal network, directly connected to ed1 192.168.1.x
External network connected to a 255.255.255.0 netmasked subnetwork of a
B-class network on ed0.

Route directly to internal network, route directly to external subnet
and default route to the rest of the world via a router on the external
subnet.

rlogin to a host on the internal network has local address bound to the
address of the external subnet's interface (as seen with a tcpdump trace
from another machine on the internal net). Normal IP-based rlogin
authentication fails horribly at this point.

>Fix:
	
Recompile the rlogin (and presumably other r* commands) with both
KERBEROS and CRYPT support defines commented out in the Makefile. 

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: phk 
State-Changed-When: Tue Apr 14 12:11:16 PDT 1998 
State-Changed-Why:  
is this fixed ? 
State-Changed-From-To: feedback->closed 
State-Changed-By: johan 
State-Changed-When: Thu Aug 10 11:21:07 PDT 2000 
State-Changed-Why:  
Feedback timed out and this was in the 2.2.X days which 
is unmaintained today. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=1461 
>Unformatted:
