OSVDB ID: 11523

Title: Multiple Vendor in.rshd NULL Login Remote Privilege Escalation

Info

Disclosure: Mar 11, 1995
Discovery: Unknown

Dates

Exploit: Mar 11, 1995
Solution: Unknown

Description

in.rshd contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is due to a flaw in the ruserok function call. A remote attacker can potentially log in to the system with a NULL username, resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Authentication Management
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Disable the RSH service by commenting it out of the inetd.conf file and restarting the inetd process.
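
One way to check a host for the workaround above, as an added example that is not part of the OSVDB entry. It assumes the standard inetd.conf column layout and that rsh is listed under the service name `shell` or with `rshd`/`in.rshd` as the server program (directly or behind tcpd); the function names and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example: find enabled rsh entries in an inetd.conf and emit a copy
# with them commented out. Function names and sample data are constructed.

# awk predicate shared by both functions: true for an active (uncommented)
# entry whose service is "shell" (514/tcp) or whose server program or
# argv[0] is rshd/in.rshd (the second form covers tcpd-wrapped entries).
RSH_MATCH='function is_rsh() {
    if ($0 ~ /^[ \t]*#/ || NF < 6) return 0
    return ($1 == "shell" || $6 ~ "(^|/)(in[.])?rshd$" || $7 ~ "^(in[.])?rshd$")
}
'

# Print "lineno:entry" for each enabled rsh entry in file $1.
active_rsh_entries() {
    awk "$RSH_MATCH"' is_rsh() { print NR ":" $0 }' "$1"
}

# Write file $1 to stdout with every enabled rsh entry commented out.
disable_rsh() {
    awk "$RSH_MATCH"' is_rsh() { print "#" $0; next } { print }' "$1"
}

# Constructed sample config (not taken from any real host).
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
ftp    stream tcp nowait root /usr/sbin/in.ftpd    in.ftpd
shell  stream tcp nowait root /usr/sbin/in.rshd    in.rshd
#login stream tcp nowait root /usr/sbin/in.rlogind in.rlogind
cmd    stream tcp nowait root /usr/sbin/tcpd       in.rshd
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
echo "Enabled rsh entries:"; active_rsh_entries "$conf"
echo "Copy with rsh disabled:"; disable_rsh "$conf"
rm -f "$conf"
```

The commented-out copy only takes effect once it replaces the live file and inetd is restarted, as the workaround states.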

Products

University of California

rshd

Mar.11 1995

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/36218