rexd

Vulnerability Description

Brief description: rexd allows commands to be executed remotely with poor or no authentication.

Full description: rexd (8) is an rpc service allowing commands to be executed by a remote client. The rexd protocol does not provide for authentication; hence, all authentication is done in the client. An attacker can simply write their own client, and can then execute commands on the target with the priviledges of any non-root uid they wish.

Components: inetd inetd.conf rpc.rexd

Systems: Any version of the UNIX system running rexd

Effect(s) of exploiting: The attacker gains access to the system with the privileges of the rexd daemon.

Detecting the hole:

    1. Check /etc/inetd.conf for a line that spawns rpc.rexd

Fixing the hole:

    1. Comment out the line that spawns rexd
    2. (Optional.) Delete the rexd daemon.

Other information:

Keywords

remote execution, authentication

Cataloguing

PA Classification(s):

RISOS Classification(s):

DCS Classification(s):

CVE Number: CVE-1999-0627 -- The rexd service is running, which uses weak authentication that can allow an attacker to execute commands.

Exploit Information

Attack:

Related Information

Advisories: Security Focus database entry 37 CERT Advisory CA-92.05: AIX REXD Daemon Vulnerability

Related Vulnerabilities:

Reportage

Reporting: in ( )

Revision Number 1

  1. Eric Haugh (6/27/2000):
    initial entry