rexecd allows remote users to execute commands as root

att-rexecd (3159) The risk level is classified as HighHigh Risk


A vulnerability in AT&T TCP/IP Release 4.0 running on SVR4 systems allows root privileges to be accessed through the use of /usr/etc/rexecd. A remote attacker may be able to run commands as root on the target host (the host running the affected /usr/etc/rexecd).


Gain Access


Administrators of affected systems should execute, as root, the following command to immediately turn off access to rexecd until the new binary can be obtained.

# chmod 400 /usr/etc/rexecd

Obtain and install the new patch. The fix will be supplied as one diskette, and it comes with one page of instructions documenting the procedure to replace the existing /usr/etc/rexecd binary.


Platforms Affected:

  • AT&T AT&T TCP/IP 4.0


Feb 25, 1992

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page