Rexec on the Internet
CAN 1999-0618
Impact
The rexec service transmits passwords in the clear,
leaving the system susceptible to network sniffing attacks. This service
could also help an attacker identify accounts on the system.
Background
The rexec service allows remote users, using an rexec
client, to execute commands and programs on the rexec server. The rexec
client looks in a .netrc file to find the password which is used
for authentication on the server.
The Problem
Passwords are transmitted in plaintext, so if attackers have
installed network sniffers between the client and the server, they could
see passwords and compromise accounts on the target system.
Also, an attacker could determine
whether or not an account exists on the server from the response returned
by the server upon a failed rexec attempt.
Resolution
The one sure method to eliminate this vulnerability is to turn off the
rexec service: edit the /etc/inetd.conf file,
comment out the rexec service, and
send a HUP (restart) signal to the inetd process.
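One way to script the inetd.conf change described above (an added example, not part of the original advisory). It assumes the classic inetd.conf layout, in which rexec appears as the "exec" service (512/tcp) in the first field of its line; the function names, the sample entries and the pid file path are assumptions.

```shell
#!/bin/sh
# Added example: disable rexec in an inetd.conf-style file, then reload inetd.

# Constructed sample entries, for trying the functions without touching /etc.
sample_conf() {
    cat <<'EOF'
ftp    stream tcp nowait root /usr/sbin/in.ftpd   in.ftpd
exec   stream tcp nowait root /usr/sbin/in.rexecd in.rexecd
#shell stream tcp nowait root /usr/sbin/in.rshd   in.rshd
EOF
}

# Exit 0 if the file still has an active (uncommented) exec entry.
rexec_enabled() {
    awk '$1 == "exec" { found = 1 } END { exit !found }' "$1"
}

# Comment out every active exec entry, keeping a backup in <file>.bak.
# Already-commented lines and other services are left untouched.
disable_rexec() {
    conf=$1
    tmp="$conf.tmp.$$"
    cp -p "$conf" "$conf.bak" || return 1
    awk '$1 == "exec" { print "#" $0; next } { print }' "$conf" > "$tmp" || return 1
    # Write back through the original file so its owner and mode are preserved.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Send HUP so the running inetd re-reads its configuration.
# The default pid file path is an assumption; it varies between systems.
reload_inetd() {
    pidfile=${1:-/var/run/inetd.pid}
    [ -r "$pidfile" ] || { echo "no pid file at $pidfile" >&2; return 1; }
    kill -HUP "$(cat "$pidfile")"
}

# Typical use, as root:
#   disable_rexec /etc/inetd.conf && reload_inetd
#   rexec_enabled /etc/inetd.conf || echo "rexec is disabled"
```

After the reload, confirm that nothing is listening on TCP port 512 any more.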
To help limit access to vulnerable services on your network, you should use
TCP wrappers.
Where can I read more about this?
Search your system's man pages for more information on the rexec and
rexecd services.