[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : AIX REXD Daemon Vulnerability

Title: AIX REXD Daemon Vulnerability
Released by: CERT
Date: 5th February 1992
Printable version: Click here

Hash: SHA1



Last Revised:  September 19,1997

                Attached copyright statement

                               CERT Advisory

                                March 5, 1992

                        AIX REXD Daemon Vulnerability

- ---------------------------------------------------------------------------

The Computer Emergency Response Team/Coordination Center (CERT/CC) has

received information concerning a vulnerability with the rexd daemon

in versions 3.1 and 3.2 of AIX for IBM RS/6000 machines.

IBM is aware of the problem and it will be fixed in future updates to

AIX 3.1 and 3.2.  Sites may call IBM Support (800-237-5511) and ask for

the patch for apar ix21353.  Patches may be obtained outside the U.S. by

contacting your local IBM representative.

The fix is also provided below.

- ---------------------------------------------------------------------------

I.   Description

     In certain configurations, particularly if NFS is installed,

     the rexd (RPC remote program execution) daemon is enabled.

     Note: Installing NFS with the current versions of "mknfs" will

     re-enable rexd even if it was previously disabled.

II.  Impact

     If a system allows rexd connections, anyone on the Internet can

     gain access to the system as a user other than root.

III. Solution 

     CERT/CC and IBM recommend that sites take the following actions

     immediately.  These steps should also be taken whenever "mknfs" is run.

     1.  Be sure the rexd line in /etc/inetd.conf is commented out by

     having a '#' at the beginning of the line:

         #rexd   sunrpc_tcp tcp  wait  root  /usr/etc/rpc.rexd rexd 100017 1

     2.  Refresh inetd by running the following command as root:

         refresh -s inetd

- ---------------------------------------------------------------------------

The CERT/CC wishes to thank Darren Reed of the Australian National

University for bringing this vulnerability to our attention and

IBM for their response to the problem.

- ---------------------------------------------------------------------------

If you believe that your system has been compromised, contact CERT/CC or

your representative in FIRST (Forum of Incident Response and Security Teams).

Internet E-mail: cert@cert.org

Telephone: 412-268-7090 (24-hour hotline)

           CERT/CC personnel answer 7:30 a.m.-6:00 p.m. EST(GMT-5)/EDT(GMT-4),

           on call for emergencies during other hours.

Computer Emergency Response Team/Coordination Center (CERT/CC)

Software Engineering Institute

Carnegie Mellon University

Pittsburgh, PA 15213-3890

Past advisories, information about FIRST representatives, and other

information related to computer security are available for anonymous ftp

from cert.org (

- ------------------------------------------------------------------------------

Copyright 1992 Carnegie Mellon University. Conditions for use, disclaimers,

and sponsorship information can be found in

http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .

If you do not have FTP or web access, send mail to cert@cert.org with

"copyright" in the subject line.

CERT is registered in the U.S. Patent and Trademark Office.


Revision History:

September 19,1997  Attached Copyright Statement


Version: PGP for Personal Privacy 5.0

Charset: noconv





(C) 1999-2000 All rights reserved.