|
|
Home : Advisories : AIX REXD Daemon Vulnerability
| Title: |
AIX REXD Daemon Vulnerability |
| Released by: |
CERT |
| Date: |
5th February 1992 |
| Printable version: |
Click here |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
CA-92:05
Last Revised: September 19,1997
Attached copyright statement
CERT Advisory
March 5, 1992
AIX REXD Daemon Vulnerability
- ---------------------------------------------------------------------------
The Computer Emergency Response Team/Coordination Center (CERT/CC) has
received information concerning a vulnerability with the rexd daemon
in versions 3.1 and 3.2 of AIX for IBM RS/6000 machines.
IBM is aware of the problem and it will be fixed in future updates to
AIX 3.1 and 3.2. Sites may call IBM Support (800-237-5511) and ask for
the patch for apar ix21353. Patches may be obtained outside the U.S. by
contacting your local IBM representative.
The fix is also provided below.
- ---------------------------------------------------------------------------
I. Description
In certain configurations, particularly if NFS is installed,
the rexd (RPC remote program execution) daemon is enabled.
Note: Installing NFS with the current versions of "mknfs" will
re-enable rexd even if it was previously disabled.
II. Impact
If a system allows rexd connections, anyone on the Internet can
gain access to the system as a user other than root.
III. Solution
CERT/CC and IBM recommend that sites take the following actions
immediately. These steps should also be taken whenever "mknfs" is run.
1. Be sure the rexd line in /etc/inetd.conf is commented out by
having a '#' at the beginning of the line:
#rexd sunrpc_tcp tcp wait root /usr/etc/rpc.rexd rexd 100017 1
2. Refresh inetd by running the following command as root:
refresh -s inetd
- ---------------------------------------------------------------------------
The CERT/CC wishes to thank Darren Reed of the Australian National
University for bringing this vulnerability to our attention and
IBM for their response to the problem.
- ---------------------------------------------------------------------------
If you believe that your system has been compromised, contact CERT/CC or
your representative in FIRST (Forum of Incident Response and Security Teams).
Internet E-mail: cert@cert.org
Telephone: 412-268-7090 (24-hour hotline)
CERT/CC personnel answer 7:30 a.m.-6:00 p.m. EST(GMT-5)/EDT(GMT-4),
on call for emergencies during other hours.
Computer Emergency Response Team/Coordination Center (CERT/CC)
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
Past advisories, information about FIRST representatives, and other
information related to computer security are available for anonymous ftp
from cert.org (192.88.209.5).
- ------------------------------------------------------------------------------
Copyright 1992 Carnegie Mellon University. Conditions for use, disclaimers,
and sponsorship information can be found in
http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .
If you do not have FTP or web access, send mail to cert@cert.org with
"copyright" in the subject line.
CERT is registered in the U.S. Patent and Trademark Office.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Revision History:
September 19,1997 Attached Copyright Statement
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQA/AwUBOBS+UVr9kb5qlZHQEQI0LQCfWA8GlZ6I24a8m4GhcQsUDBXpW8oAoK15
tUOZ5zJvH+fPH6HAUNh434XN
=+Ixw
-----END PGP SIGNATURE-----
|
