| VID |
14122 |
| Severity |
40 |
| Port |
22 |
| Protocol |
TCP |
| Class |
LSC |
| Detailed Description |
Remote access through 'r'command may be used for * NET Backup or other purposes, but it is very vulnerable to security, so if the service port is open, it may cause infringement such as leakage of
important information and system failure. If this is inevitable, make sure that the '+' setting (allow all hosts) is not included in the .rhosts configuration.
* Affected platforms:
UNIX, Linux |
| Recommendation |
Remove the "+" from the $HOME/.rhosts file and register the allowed hosts and accounts. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
