Rusersd Vulnerability
CVE 1999-0626
Summary
The rusersd process lists the users on a machine, what machine they are
logged in from, idle and login time information and the device that they are using.
Impact
The rusersd process can be used to create a table of usage and provide a
list of accounts and machine names.
Background
rusersd provides information about the users of a particular machine. This
information includes what machine they are logged in from, idle and login time and information
about the device they are using.
The Problem
The danger with rusersd is that it can be used
to create a table of usage that provides a list of accounts and machine names. The attacker
can use this information to try to attack accounts and other machines.
Resolution
To eliminate this vulnerability, rusersd should be
disabled by editing the inetd.conf file,
commenting out the rusersd service, and by sending a HUP signal to the
inetd process.