Ralf Meyer

Name of the Vulnerable Software and Affected Versions: Mac OS X versions 10.4.11 through 10.5.5 Description: The issue concerns an unspecified vulnerability in the rlogin component, specifically in the rlogind, where hosts.equiv entries are applied to the root user despite documentation stating otherwise. This could potentially allow remote attackers to bypass intended access restrictions. Recommendations: For Mac OS X versions 10.4.11 through 10.5.5, consider restricting access to the rlogind service until a fix is available. As a temporary workaround, review and limit the use of hosts.equiv entries to minimize the risk of exploitation.