REXD Access
CVE 1999-0627
Summary
This vulnerability allows for REXD remote access from arbitrary hosts.
Impact
A remote intruder can execute commands as any user. In other words, this vulnerability
allows a malicious user to impersonate a trusted user and execute commands on the system.
Background
The rexd service and the on client program
implement remote command execution via the network. To the extent that
it is possible, the complete client environment, including working
directory and environment variables, is made available on the remote
system.
The Problem
A request for remote command execution contains, among others, the
command to be executed, and a user and group id. By default, the rexd server believes everything that the client sends it. An intruder can
exploit the service to execute commands as any user (except perhaps
root). The typical rexd server has no protection against
abuse: most implementations have no provision for access control, nor
do they require that the client use a privileged network port.
Resolution
- Disable the rexd service. Usually this is accomplished by editing
the inetd.conf file, commenting out the rexd service, and
sending a HUP signal (a signal that resets a process, usually after its configuration has changed)
to the inetd process.
- Some rexd implementations can be configured to use a more secure
protocol. Consult your manual pages for details.
Where can I read more about this?