VID 14016
Severity 20
Port 513
Protocol TCP
Class R-Command
Detailed Description The rlogin service is running. This service is dangerous because its traffic is not encrypted: anyone can sniff the data that passes between the rlogin client and the rlogin server, including logins and passwords.
You should disable this service and use OpenSSH instead (www.openssh.com).

* References:
http://www.iss.net/security_center/static/2995.php
Recommendation Disable the 'rexecd' service if it's not needed (comment out the "exec" line in /etc/inetd.conf and restart the 'inetd' daemon).

Enterprise Linux 6.4, CentOS 6.4, Fedora 19
Open /etc/xinetd.d/rexec and set disable=yes
and then restart inetd

Solaris 10, Solaris 11
# svcadm disable svc:/network/rexec:default
Related URL CVE-1999-0651 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)