This script is Copyright (C) 1999-2012 Tenable Network Security, Inc.
The rsh service is running.
The remote host is running the 'rsh' service. This service is
dangerous in the sense that it is not ciphered - that is, everyone can
sniff the data that passes between the rsh client and the rsh server.
This includes logins and passwords.
Also, it may allow poorly authenticated logins without passwords. If
the host is vulnerable to TCP sequence number guessing (from any
network) or IP spoofing (including ARP hijacking on a local network)
then it may be possible to bypass authentication.
Finally, rsh is an easy way to turn file-write access into full logins
through the .rhosts or rhosts.equiv files.
You should disable this service and use ssh instead.
Comment out the 'rsh' line in /etc/inetd.conf
Risk factor :
High / CVSS Base Score : 7.5
Public Exploit Available : true
Family: Service detection
Nessus Plugin ID: 10245 ()
CVE ID: CVE-1999-0651
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.