home *** CD-ROM | disk | FTP | other *** search
-
- -----BEGIN PGP SIGNED MESSAGE-----
-
- ===========================================================================
- CA-92:05 CERT Advisory
- March 5, 1992
- AIX REXD Daemon Vulnerability
-
- - ---------------------------------------------------------------------------
-
- The Computer Emergency Response Team/Coordination Center (CERT/CC) has
- received information concerning a vulnerability with the rexd daemon
- in versions 3.1 and 3.2 of AIX for IBM RS/6000 machines.
-
- IBM is aware of the problem and it will be fixed in future updates to
- AIX 3.1 and 3.2. Sites may call IBM Support (800-237-5511) and ask for
- the patch for apar ix21353. Patches may be obtained outside the U.S. by
- contacting your local IBM representative.
-
- The fix is also provided below.
-
- - ---------------------------------------------------------------------------
-
- I. Description
-
- In certain configurations, particularly if NFS is installed,
- the rexd (RPC remote program execution) daemon is enabled.
-
- Note: Installing NFS with the current versions of "mknfs" will
- re-enable rexd even if it was previously disabled.
-
- II. Impact
-
- If a system allows rexd connections, anyone on the Internet can
- gain access to the system as a user other than root.
-
- III. Solution
-
- CERT/CC and IBM recommend that sites take the following actions
- immediately. These steps should also be taken whenever "mknfs" is run.
-
- 1. Be sure the rexd line in /etc/inetd.conf is commented out by
- having a '#' at the beginning of the line:
-
- #rexd sunrpc_tcp tcp wait root /usr/etc/rpc.rexd rexd 100017 1
-
- 2. Refresh inetd by running the following command as root:
-
- refresh -s inetd
-
-
- - ---------------------------------------------------------------------------
- The CERT/CC wishes to thank Darren Reed of the Australian National
- University for bringing this vulnerability to our attention and
- IBM for their response to the problem.
- - ---------------------------------------------------------------------------
-
- If you believe that your system has been compromised, contact CERT/CC or
- your representative in FIRST (Forum of Incident Response and Security Teams).
-
- Internet E-mail: cert@cert.org
- Telephone: 412-268-7090 (24-hour hotline)
- CERT/CC personnel answer 7:30 a.m.-6:00 p.m. EST(GMT-5)/EDT(GMT-4),
- on call for emergencies during other hours.
-
- Computer Emergency Response Team/Coordination Center (CERT/CC)
- Software Engineering Institute
- Carnegie Mellon University
- Pittsburgh, PA 15213-3890
-
- Past advisories, information about FIRST representatives, and other
- information related to computer security are available for anonymous ftp
- from cert.org (192.88.209.5).
-
-
- -----BEGIN PGP SIGNATURE-----
- Version: 2.6.2
-
- iQCVAwUBMaMw6XVP+x0t4w7BAQFOpAQA0rUbAhg2vXY64Q8RyXt72aL51klDOUdZ
- HPJpQpDhbapGkE4bM9YmbP3Ex5aFrpdrOOmuVkoKYFHViSm4FW48QBadwUotPVT0
- JrdhaiMTxdA6du2YwL5NqwMjCOa8wc6iqEMc1Xwa0FpDq25Unr8ZqErTwRuVN8dJ
- 1XNBJksxcmw=
- =m+q2
- -----END PGP SIGNATURE-----
-
-