| VID |
14121 |
| Severity |
40 |
| Port |
22 |
| Protocol |
TCP |
| Class |
LSC |
| Detailed Description |
Remote access through 'r'command can be used for * NET Backup or other purposes but it is very vulnerable due to security and open service port will cause infringement such as leakage of important
information and system failure. If it is inevitable to use it, you should set the .rhosts file user to root or the appropriate account and set the permissions to 600.
* Affected platforms:
UNIX, Linux |
| Recommendation |
Change the owner or authority of the .rhosts file as follows:
1. Change the owner of the .rhosts file to root or to that account
#chown <user_name> $HOME /.rhosts
2. Change permissions of "/etc/hosts.equiv" file to below 600
#chmod 600 $HOME /.rhosts |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
