Copy Link
Add to Bookmark
Report
CERT Advisory 041
-----BEGIN PGP SIGNED MESSAGE-----
===========================================================================
CA-92:05 CERT Advisory
March 5, 1992
AIX REXD Daemon Vulnerability
- ---------------------------------------------------------------------------
The Computer Emergency Response Team/Coordination Center (CERT/CC) has
received information concerning a vulnerability with the rexd daemon
in versions 3.1 and 3.2 of AIX for IBM RS/6000 machines.
IBM is aware of the problem and it will be fixed in future updates to
AIX 3.1 and 3.2. Sites may call IBM Support (800-237-5511) and ask for
the patch for apar ix21353. Patches may be obtained outside the U.S. by
contacting your local IBM representative.
The fix is also provided below.
- ---------------------------------------------------------------------------
I. Description
In certain configurations, particularly if NFS is installed,
the rexd (RPC remote program execution) daemon is enabled.
Note: Installing NFS with the current versions of "mknfs" will
re-enable rexd even if it was previously disabled.
II. Impact
If a system allows rexd connections, anyone on the Internet can
gain access to the system as a user other than root.
III. Solution
CERT/CC and IBM recommend that sites take the following actions
immediately. These steps should also be taken whenever "mknfs" is run.
1. Be sure the rexd line in /etc/inetd.conf is commented out by
having a '#' at the beginning of the line:
#rexd sunrpc_tcp tcp wait root /usr/etc/rpc.rexd rexd 100017 1
2. Refresh inetd by running the following command as root:
refresh -s inetd
- ---------------------------------------------------------------------------
The CERT/CC wishes to thank Darren Reed of the Australian National
University for bringing this vulnerability to our attention and
IBM for their response to the problem.
- ---------------------------------------------------------------------------
If you believe that your system has been compromised, contact CERT/CC or
your representative in FIRST (Forum of Incident Response and Security Teams).
Internet E-mail: cert@cert.org
Telephone: 412-268-7090 (24-hour hotline)
CERT/CC personnel answer 7:30 a.m.-6:00 p.m. EST(GMT-5)/EDT(GMT-4),
on call for emergencies during other hours.
Computer Emergency Response Team/Coordination Center (CERT/CC)
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
Past advisories, information about FIRST representatives, and other
information related to computer security are available for anonymous ftp
from cert.org (192.88.209.5).
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMaMw6XVP+x0t4w7BAQFOpAQA0rUbAhg2vXY64Q8RyXt72aL51klDOUdZ
HPJpQpDhbapGkE4bM9YmbP3Ex5aFrpdrOOmuVkoKYFHViSm4FW48QBadwUotPVT0
JrdhaiMTxdA6du2YwL5NqwMjCOa8wc6iqEMc1Xwa0FpDq25Unr8ZqErTwRuVN8dJ
1XNBJksxcmw=
=m+q2
-----END PGP SIGNATURE-----
