defrexec

Vulnerability Description

Brief description: the rexec(8) service is running

Full description: The rexecd daemon authenticates by using cleartext login names and passwords. As the passwords are reusable, its use leaves the system open to attack when passwords are sniffed or otherwise obtained.

Components: rexecd

Systems: any system running an rexec daemon

Effect(s) of exploiting: Anyone who knows a user's password, or can get it, can connect.

Detecting the hole:

    1. If you have login access to the system: check the /etc/inetd.conf file for the rexec entry.
    2. If you do not have login access to the system, probe on TCP port 513. This is the port rexecd normally listens on.

Fixing the hole:

    1. You need login access to the system.
    2. Edit the /etc/inetd.conf file and locate the line for the rexec service.
    3. Comment it out.
    4. Send a HUP (1) signal to the inetd(8) daemon to force it to reread the configuration file.
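
The local check and the fix above, as an added shell example that is not part of the original entry. It assumes the rexec line uses the service name "exec" or runs a program whose name ends in "rexecd"; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-style file for an active rexec entry
# and emit a copy with that entry commented out.
# Assumption: the entry has service name "exec" in field 1, or a server
# program / argv0 (fields 6 and 7) ending in "rexecd", e.g. behind tcpd.

# awk condition shared by both functions: uncommented, non-empty, rexec.
REXEC_MATCH='!/^[ \t]*#/ && NF > 0 && ($1 == "exec" || $6 ~ /rexecd$/ || $7 ~ /rexecd$/)'

# Print "line-number: text" for each active rexec entry.
# Exit status 0 if at least one was found, 1 otherwise.
find_rexec() {
    awk "$REXEC_MATCH { print NR \": \" \$0; found = 1 } END { exit !found }" "$1"
}

# Write the file to stdout with every active rexec entry commented out.
# Already-commented lines and other services pass through unchanged.
disable_rexec() {
    awk "$REXEC_MATCH { print \"#\" \$0; next } { print }" "$1"
}

# Constructed sample configuration (not taken from a real host).
sample_conf() {
    cat <<'EOF'
# inetd.conf (constructed sample)
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l
#shell  stream  tcp  nowait  root  /usr/sbin/tcpd  in.rshd
exec    stream  tcp  nowait  root  /usr/sbin/tcpd  in.rexecd
EOF
}

# Demo on the sample: report the entry, then show the corrected file.
# On a real system, install the corrected output as /etc/inetd.conf and
# send inetd a HUP so that it rereads the file.
conf=$(mktemp)
sample_conf > "$conf"
if find_rexec "$conf"; then
    echo "rexec is enabled; corrected configuration:"
    disable_rexec "$conf"
fi
rm -f "$conf"
```

Running find_rexec again on the corrected file returns a non-zero status, which makes it usable as a periodic audit check.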

Other information:

Keywords

rexec authentication server

Cataloguing

PA Classification(s):

RISOS Classification(s):

DCS Classification(s):

CVE Number: CAN-1999-0618 -- The rexec service is running.

Exploit Information

Attack: Guess a password and try it. If it fails, try another.

Related Information

Advisories: The ISS X-Force security advisory "Short-Term High-Risk Vulnerability During Slackware 3.6 Network Installations" gives an example of a problem with rexec.

Related Vulnerabilities: none yet

Reportage

Reporting: ()

Other information:

Revision Number 1

  1. Matt Bishop (6/21/2000):
    Initial entry