| VID |
14018 |
| Severity |
40 |
| Port |
514 |
| Protocol |
TCP |
| Class |
R-Command |
| Detailed Description |
The RSH daemon allows users to log in with a NULL username and execute commands.
Older versions of the in.rshd daemon allow an attacker to log in as the NULL user due to a vulnerability in the ruserok() library call. The attacker can gain root access without proper authorization.
* References:
http://www.iss.net/security_center/static/112.php |
| Recommendation |
Disable the RSH service on the vulnerable system immediately by commenting it out of the inetd.conf file and restarting the inetd process.
Enterprise Linux 6.4, CentOS 6.4, Fedora 19:
Open /etc/xinetd.d/rsh and set disable=yes
and then restart xinetd
Solaris 10, Solaris 11:
#svcadm disable svc:/network/login:rlogin
If you have to use the RSH facilities, you should contact your vendor for patch information. |
| Related URL |
CVE-1999-0180 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
