Original issue date: March 5, 1992<BR>
Last revised: September 19, 1997<BR>
Attached copyright statement
<P>A complete revision history is at the end of this file.
<P>The Computer Emergency Response Team/Coordination Center (CERT/CC) has received information concerning a vulnerability with the rexd daemon in versions 3.1 and 3.2 of AIX for IBM RS/6000 machines.
<P>IBM is aware of the problem and it will be fixed in future updates to AIX 3.1 and 3.2. Sites may call IBM Support (800-237-5511) and ask for the patch for apar ix21353. Patches may be obtained outside the U.S. by contacting your local IBM representative.
<P>The fix is also provided below.
<P><HR>
<H2>I. Description</H2>
In certain configurations, particularly if NFS is installed, the rexd (RPC remote program execution) daemon is enabled.
<P>Note: Installing NFS with the current versions of "mknfs" will re-enable rexd even if it was previously disabled.
<H2>II. Impact</H2>
If a system allows rexd connections, anyone on the Internet can gain access to the system as a user other than root.
<H2>III. Solution</H2>
CERT/CC and IBM recommend that sites take the following actions immediately. These steps should also be taken whenever "mknfs" is run.
<OL>
<LI>Be sure the rexd line in /etc/inetd.conf is commented out by having a '#' at the beginning of the line:
<PRE>
#rexd sunrpc_tcp tcp wait root /usr/etc/rpc.rexd rexd 100017 1
</PRE>
<LI>Refresh inetd by running the following command as root:
<PRE>
refresh -s inetd
</PRE>
</OL>
<HR>
<P>The CERT/CC wishes to thank Darren Reed of the Australian National University for bringing this vulnerability to our attention and IBM for their response to the problem.
<P><HR>
<P>Copyright 1992 Carnegie Mellon University.</P>
<HR>
Revision History
<PRE>
September 19, 1997  Attached copyright statement
</PRE>
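<P>The check in Section III, step 1, as a repeatable script: this is an added example, not part of the original advisory and not IBM or CERT/CC code. It assumes inetd.conf entries follow the layout shown above; the function names and the script name check_rexd.sh are hypothetical.

```shell
#!/bin/sh
# Added example: audit an inetd.conf for an active rexd entry (Section III, step 1).
# Assumption: entries use the layout shown in the advisory, service name first.

# Print the line numbers of active (uncommented) rexd entries in file $1.
rexd_active_lines() {
    awk '
        /^[ \t]*#/ { next }                        # already commented out
        $1 == "rexd" || /rpc\.rexd/ { print NR }   # service name or daemon path
    ' "$1"
}

# Comment out every active rexd entry in file $1, keeping a backup in $1.bak.
# Prints the number of lines changed. Idempotent, so it can be rerun after mknfs.
disable_rexd() {
    count=$(rexd_active_lines "$1" | wc -l | tr -d ' ')
    if [ "$count" -gt 0 ]; then
        cp -p "$1" "$1.bak" || return 1
        awk '
            /^[ \t]*#/ { print; next }
            $1 == "rexd" || /rpc\.rexd/ { print "#" $0; next }
            { print }
        ' "$1.bak" > "$1" || return 1
    fi
    echo "$count"
}

# Usage: sh check_rexd.sh /etc/inetd.conf   (check_rexd.sh is a hypothetical name)
# With no argument, run against a constructed sample instead of a real file.
target=${1:-}
demo=
if [ -z "$target" ]; then
    demo=$(mktemp)
    target=$demo
    printf '%s\n' '# constructed sample inetd.conf' \
        'rexd sunrpc_tcp tcp wait root /usr/etc/rpc.rexd rexd 100017 1' > "$target"
fi
changed=$(disable_rexd "$target") || exit 1
echo "$target: rexd entries commented out: $changed"
if [ "$changed" -gt 0 ]; then echo "next, as root: refresh -s inetd"; fi
if [ -n "$demo" ]; then rm -f "$demo" "$demo.bak"; fi
```

<P>Because "mknfs" re-enables rexd, rerunning the script after each NFS install or reconfiguration catches the entry coming back.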