Rpc.walld wall daemon running
| walld (150) |  Medium Risk |
Description:
The "write all" daemon rpc.rwalld was detected as running. This daemon allows users to broadcast messages to all users connected to a network. The rwall daemon lacks significant authentication and can be used in denial of service attacks and social engineering attacks.
Platforms Affected:
- Compaq, Tru64
- Data General, DG/UX
- HP, HP-UX
- IBM, AIX
- Linux, Kernel
- SCO, SCO Unix
- SGI, IRIX
- Sun, Solaris
- WindRiver, BSDOS
Remedy:
Disable the wall daemon by commenting it out of inetd.conf or removing it from any RC scripts. Alternatively, users can install a walld package that includes improved authentication.
Consequences:
Informational
References:
- CIAC Information Bulletin CIAC-05, Security Holes in UNIX Systems at http://www.ciac.org/ciac/bulletins/ciac-05.shtml.
- CIAC Information Bulletin CIAC-06, Notice of Availability of Patch for rwalld/wall at http://ciac.llnl.gov/ciac/bulletins/ciac-06.shtml.
- CVE-1999-0181: The wall daemon can be used for denial of service, social engineering attacks, or to execute remote commands.
Reported:
Jan 01, 1994
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net