| VID |
17005 |
| Severity |
20 |
| Port |
111 |
| Protocol |
TCP,UDP |
| Class |
RPC |
| Detailed Description |
The walld RPC service is running. Administrators usually use it to broadcast a message to the users of a network by making it appear on their screens.
Since this service lacks any kind of authentication, a cracker may use it to trick users into doing something (changing their password, leaving the console, or worse) by sending a message that appears to have been written by the administrator.
It can also be used for a denial-of-service attack, by continually sending garbage to the users' screens and preventing them from working properly.
* References: http://www.iss.net/security_center/static/150.php http://www.ciac.org/ciac/bulletins/ciac-05.shtml http://ciac.llnl.gov/ciac/bulletins/ciac-06.shtml |
| Recommendation |
If you do not use this service, disable it, as it may become a security threat in the future if a vulnerability is discovered. To disable the 'walld' service, first become root, then stop the service as follows:
# rpcinfo -d [program num] [version num]
Then comment out its entry by putting a # at the beginning of the line, and restart the 'inetd' daemon.
Solaris 10, Solaris 11, Enterprise Linux 6.4, CentOS 6.4, Fedora 19:
1. Become root, then stop the service as follows:
# rpcinfo -d [program num] [version num]
2. Comment out its entry by putting a # at the beginning of the line with 'walld' in /etc/rpc.
3. # pkill -HUP (x)inetd |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
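The recommendation's steps as an added shell example, not part of the original advisory: it parses `rpcinfo -p` output to fill in the `[program num] [version num]` arguments and checks that the 'walld' entry is commented out. The helper names, the constructed sample output, and the assumption that walld registers as program 100008 under the name walld or rwalld are not from the page.

```shell
#!/bin/sh
# Added example, not from the advisory. Helper names are hypothetical.
# Assumption: walld registers as RPC program 100008, shown by rpcinfo
# under the service name "walld" or "rwalld".

# Read `rpcinfo -p` output on stdin; print one `rpcinfo -d` command per
# distinct (program, version) pair that belongs to walld.
walld_unregister_cmds() {
    awk '
        $1 == "program" { next }    # header row
        $1 == "100008" || $5 == "walld" || $5 == "rwalld" {
            key = $1 " " $2
            if (!(key in seen)) {   # tcp and udp rows share one pair
                seen[key] = 1
                printf "rpcinfo -d %s %s\n", $1, $2
            }
        }'
}

# Print the lines of file $1 that mention walld and are NOT commented out.
# Empty output means step 2 of the recommendation has been applied.
walld_active_lines() {
    grep -E 'r?walld' "$1" | grep -Ev '^[[:space:]]*#' || true
}

# Constructed sample of `rpcinfo -p` output (not captured from a real host).
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100008    1   udp  32772  walld
    100008    1   tcp  32771  walld
    100012    1   udp  32773  sprayd
EOF
}

# Demo: ./walld_check.sh --demo   (prints: rpcinfo -d 100008 1)
if [ "${1:-}" = "--demo" ]; then
    sample_rpcinfo | walld_unregister_cmds
fi
```

On a live host, run `rpcinfo -p | walld_unregister_cmds` as root and review the printed commands before executing them.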