(Description Provided by CVE) : ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A component service related to NIS is running."
This host is running the 'rsh' service. This service provides the ability to run arbitrary commands on the host using normal 'r' utility authentication. Usernames and passwords are passed across the network in plaintext. An attacker can possibly sniff usernames and passwords and gain access to this host. This vulnerability may be a false positive on hosts protected by certain application-level firewalls or the firewalls themselves such as a Raptor Firewall or TIS Firewall Toolkit. On these systems a connection is not refused, but is established and then immediately closed.
Devices without proper physical security may allow a malicious user to bypass authentication or even lead to an unauthorized information disclosure. The issue may be triggered in a variety of different ways and typically depends on the specific device. It is possible that the flaw will result in a loss of integrity.
DNS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the host's DNS name server allows zone transfers to replicate zone information between master and slave DNS servers. If zone transfers have not been restricted to authorized slave servers only, a remote attacker could disclose sensitive network information resulting in a loss of confidentiality.
Iniquity BBS contains a flaw that may allow an unprivileged user to download arbitrary files. The issue is due to the Sysop line chat allowing system commands to be executed from either side of the chat. If a user initiates a file transfer from the chat, they may download any file on the host system.
By default, Major BBS running the Mutant Link module installs with a default password. The "ML" account has a password of "!@*&#@&AY" which is publicly known and documented. This allows attackers to trivially access the program or system.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.