Therefore, it's possible to determine which account names are valid.
This is an issue only for particularly paranoid sites that probably
already have rshd disabled, but I thought it would be worth issuing a
warning anyway.
A cursory investigation of some local machines showed the following:
Affected: Linux, NetBSD, Digital Unix 4.0
Not affected: HP-UX, Solaris
Linux's rsh client also seems to have a bug where the second of the
above cases prints random error strings. This will all be fixed in the
next release (unfortunately, not yesterday's release...)
-- - David A. Holland | VINO project home page: dholland@eecs.harvard.edu | http://www.eecs.harvard.edu/vino