[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : AIX REXD Daemon Vulnerability

Title: AIX REXD Daemon Vulnerability
Released by: CERT
Date: 5th February 1992
Printable version: Click here
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



===========================================================================

CA-92:05 

Last Revised:  September 19,1997

                Attached copyright statement







                               CERT Advisory

                                March 5, 1992

                        AIX REXD Daemon Vulnerability



- ---------------------------------------------------------------------------



The Computer Emergency Response Team/Coordination Center (CERT/CC) has

received information concerning a vulnerability with the rexd daemon

in versions 3.1 and 3.2 of AIX for IBM RS/6000 machines.



IBM is aware of the problem and it will be fixed in future updates to

AIX 3.1 and 3.2.  Sites may call IBM Support (800-237-5511) and ask for

the patch for apar ix21353.  Patches may be obtained outside the U.S. by

contacting your local IBM representative.



The fix is also provided below.



- ---------------------------------------------------------------------------



I.   Description



     In certain configurations, particularly if NFS is installed,

     the rexd (RPC remote program execution) daemon is enabled.



     Note: Installing NFS with the current versions of "mknfs" will

     re-enable rexd even if it was previously disabled.



II.  Impact



     If a system allows rexd connections, anyone on the Internet can

     gain access to the system as a user other than root.



III. Solution 



     CERT/CC and IBM recommend that sites take the following actions

     immediately.  These steps should also be taken whenever "mknfs" is run.



     1.  Be sure the rexd line in /etc/inetd.conf is commented out by

     having a '#' at the beginning of the line:



         #rexd   sunrpc_tcp tcp  wait  root  /usr/etc/rpc.rexd rexd 100017 1



     2.  Refresh inetd by running the following command as root:



         refresh -s inetd





- ---------------------------------------------------------------------------

The CERT/CC wishes to thank Darren Reed of the Australian National

University for bringing this vulnerability to our attention and

IBM for their response to the problem.

- ---------------------------------------------------------------------------



If you believe that your system has been compromised, contact CERT/CC or

your representative in FIRST (Forum of Incident Response and Security Teams).



Internet E-mail: cert@cert.org

Telephone: 412-268-7090 (24-hour hotline)

           CERT/CC personnel answer 7:30 a.m.-6:00 p.m. EST(GMT-5)/EDT(GMT-4),

           on call for emergencies during other hours.



Computer Emergency Response Team/Coordination Center (CERT/CC)

Software Engineering Institute

Carnegie Mellon University

Pittsburgh, PA 15213-3890



Past advisories, information about FIRST representatives, and other

information related to computer security are available for anonymous ftp

from cert.org (192.88.209.5).





- ------------------------------------------------------------------------------



Copyright 1992 Carnegie Mellon University. Conditions for use, disclaimers,

and sponsorship information can be found in

http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .

If you do not have FTP or web access, send mail to cert@cert.org with

"copyright" in the subject line.



CERT is registered in the U.S. Patent and Trademark Office.





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Revision History:



September 19,1997  Attached Copyright Statement



-----BEGIN PGP SIGNATURE-----

Version: PGP for Personal Privacy 5.0

Charset: noconv



iQA/AwUBOBS+UVr9kb5qlZHQEQI0LQCfWA8GlZ6I24a8m4GhcQsUDBXpW8oAoK15

tUOZ5zJvH+fPH6HAUNh434XN

=+Ixw

-----END PGP SIGNATURE-----








(C) 1999-2000 All rights reserved.