Rstatd Vulnerability
CAN 1999-0624
Summary
The rstatd process provides information about a machine's performance.
Impact
A hacker could exploit this vulnerability to build a table of a machine's usage based on the
load average and uptime.
Background
rstatd provides information about a machine's performance. This command is used
to check a machine's load average and availability. This command can be used by system
administrators to assess a machine's status without logging into the machine.
The Problem
The danger with rstatd is that it can be used by a hacker to determine when a
system is not being used so an off-hours attack can be launched. Information
provided by rstatd may also aid a hacker in determining the importance of the
machine.
Resolution
To eliminate this vulnerability, rstatd should be disabled by editing the
inetd.conf file, commenting out the rstatd service, and then sending a HUP
signal to the inetd process so that it rereads its configuration.
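
The steps above as a shell sketch. This is an added example, not part of the original advisory; the function names are hypothetical, and the pid file path in the usage comment is an assumption that varies by system.

```shell
#!/bin/sh
# Added example: disable rstatd in an inetd.conf-style file, then reload inetd.

# disable_rstatd FILE
# Comments out every active entry whose service field is "rstatd"
# (including RPC forms such as "rstatd/2-4"). Entries that are already
# commented out are left alone. A backup is kept at FILE.bak.
# Prints the number of entries that were disabled.
disable_rstatd() {
    conf=$1
    pat='^[[:space:]]*rstatd[/[:space:]]'
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }

    # grep -c exits non-zero when nothing matches; that is not an error here.
    count=$(grep -c "$pat" "$conf" || true)

    if [ "$count" -gt 0 ]; then
        tmp=$(mktemp) || return 1
        cp -p "$conf" "$conf.bak" || return 1
        # Prefix matching lines with '#'. '|' is the address delimiter
        # because the pattern itself contains '/'.
        sed "\\|${pat}|s|^|#|" "$conf" > "$tmp" || return 1
        # Overwrite in place so the file keeps its owner and mode.
        cat "$tmp" > "$conf" && rm -f "$tmp"
    fi
    echo "$count"
}

# reload_inetd PIDFILE
# Sends HUP to the inetd process recorded in PIDFILE so it rereads
# its configuration.
reload_inetd() {
    pidfile=$1
    [ -r "$pidfile" ] || { echo "cannot read $pidfile" >&2; return 2; }
    kill -HUP "$(cat "$pidfile")"
}

# Usage (run as root; the pid file location is an assumption):
#   disable_rstatd /etc/inetd.conf && reload_inetd /var/run/inetd.pid
```

Afterwards, `rpcinfo -p` on the host should no longer list the rstatd program.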