ptylogin contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user causes the modem to quit accepting incoming calls, and will result in loss of availability for the modem.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s):
1. Use the 'ptylogin' program provided with mgetty-1.1.20.
Update mgetty's login.config with:
* root dialin /usr/bin/ptylogin
2. Use rlogin to login.
Update getty's login.config with:
* nobody dialin /usr/bin/rlogin -8E localhost -l
WARNING: please check that if you enter nobody as user name, you
don't get a shell. This could happen if nobody has a
shell and localhost is listed in ~nobody/.rhosts or
The work-around works as long as there is no other specific
configuration in login.config (AutoPPP and FIDO are ok; user
specific login commands are NOT, unless the login program refuses
a user name switch, i.e. it doesn't retry on failure).
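
The condition above can be checked mechanically before relying on either workaround. The following is an added example, not part of the original advisory or of mgetty: it assumes the four-field login.config layout seen in the entries above (user name, user id, utmp entry, login program), and the function name, the sample file and the `/AutoPPP/` and `/FIDO/` key spellings are assumptions.

```python
# Entries the advisory says are compatible with the workaround. The key
# spellings /AutoPPP/ and /FIDO/ are assumed from mgetty's stock login.config.
ALLOWED_SPECIAL = {"/AutoPPP/", "/FIDO/"}
# Catch-all login programs named in the two workarounds.
WORKAROUND_PROGRAMS = {"/usr/bin/ptylogin", "/usr/bin/rlogin"}

# Constructed sample, not taken from a real system.
SAMPLE = """\
# login.config (constructed sample)
/AutoPPP/ - a_ppp /usr/sbin/pppd auth -chap +pap login
/FIDO/ uucp fido /usr/lib/fnet/ifcico @
bob - - /usr/local/bin/bob-menu
* nobody dialin /usr/bin/rlogin -8E localhost -l
"""

def audit_login_config(text):
    """Return (line_number, message) findings; an empty list means the
    file matches the conditions the workaround depends on."""
    findings, catch_all_seen = [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:  # user name, user id, utmp entry, login program
            findings.append((lineno, "malformed entry"))
            continue
        name, program = fields[0], fields[3]
        if name == "*":
            catch_all_seen = True
            if program not in WORKAROUND_PROGRAMS:
                findings.append((lineno, "catch-all runs " + program))
        elif name not in ALLOWED_SPECIAL:
            # Per the advisory, user-specific login commands defeat the fix.
            findings.append((lineno, "user-specific login command: " + name))
    if not catch_all_seen:
        findings.append((0, "no catch-all '*' entry"))
    return findings

if __name__ == "__main__":
    for lineno, message in audit_login_config(SAMPLE):
        print("login.config:%d: %s" % (lineno, message))
```

A flagged user-specific entry still needs manual review, since the advisory allows it when that login program does not retry on failure.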