rexecd allows remote users to execute commands as root
|att-rexecd (3159)||High Risk|
A vulnerability in AT&T TCP/IP Release 4.0 running on SVR4 systems allows root privileges to be accessed through the use of /usr/etc/rexecd. A remote attacker may be able to run commands as root on the target host (the host running the affected /usr/etc/rexecd).
Administrators of affected systems should execute, as root, the following command to immediately turn off access to rexecd until the new binary can be obtained.
# chmod 400 /usr/etc/rexecd
Obtain and install the new patch. The fix will be supplied as one diskette, and it comes with one page of instructions documenting the procedure to replace the existing /usr/etc/rexecd binary.
- CERT Advisory CA-1992-04: AT&T /usr/etc/rexecd Vulnerability.
- CIAC Information Bulletin C-18: Vulnerability In AT&T /usr/etc/rexecd.
- BID-36: AT&T TCP/IP /usr/etc/rexecd Vulnerability
- CVE-1999-1059: Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands.
- OSVDB ID: 890: AT&T rexecd Remote Arbitrary Command Execution
- AT&T AT&T TCP/IP 4.0
Feb 25, 1992
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this