rsh Service Detection

This script is Copyright (C) 1999-2016 Tenable Network Security, Inc.


Synopsis :

The rsh service is running on the remote host.

Description :

The rsh service is running on the remote host. This service is
vulnerable since data is passed between the rsh client and server
in cleartext. A man-in-the-middle attacker can exploit this to sniff
logins and passwords. Also, it may allow poorly authenticated logins
without passwords. If the host is vulnerable to TCP sequence number
guessing (from any network) or IP spoofing (including ARP hijacking on
a local network) then it may be possible to bypass authentication.
Finally, rsh is an easy way to turn file-write access into full
logins through the .rhosts or hosts.equiv files.

Solution :

Comment out the 'rsh' line in /etc/inetd.conf and restart the inetd
process. Alternatively, disable this service and use SSH instead.
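
One way to carry out the first remediation step, as an added example that is not part of the original plugin text. It assumes the rsh entry is registered under the service name "shell" or runs a server program named in.rshd or rshd; the function names and the sample file are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not Tenable's code): find and comment out active rsh entries
# in an inetd.conf-style file. Assumption: rsh is registered under the service
# name "shell" (514/tcp) or runs a server program named in.rshd or rshd.

RSH_AWK='
function is_rsh(   i, n, p) {
    if ($1 == "shell") return 1
    for (i = 6; i <= NF; i++) {          # field 6 onward: server path and args
        n = split($i, p, "/")
        if (p[n] == "in.rshd" || p[n] == "rshd") return 1
    }
    return 0
}
/^[ \t]*#/ || NF == 0 { if (mode == "fix") print; next }   # comments, blanks
is_rsh()              { print ((mode == "fix") ? "#" $0 : $0); next }
mode == "fix"         { print }
'

# Print the active (uncommented) rsh lines in file $1.
rsh_active_lines() { awk -v mode=list "$RSH_AWK" "$1"; }

# Print a copy of file $1 with the active rsh lines commented out.
rsh_comment_out() { awk -v mode=fix "$RSH_AWK" "$1"; }

# Constructed sample input, not taken from a real host.
sample_inetd_conf() {
    cat <<'EOF'
# /etc/inetd.conf (constructed sample)
daytime stream  tcp  nowait  root  internal
shell   stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/in.rshd
#shell  stream  tcp  nowait  root  /usr/sbin/in.rshd  in.rshd
EOF
}

# Demo on the constructed sample: list active entries, then show the fixed copy.
tmp=$(mktemp) && sample_inetd_conf > "$tmp"
echo "Active rsh entries:"; rsh_active_lines "$tmp"
echo "Hardened copy:";      rsh_comment_out "$tmp"
rm -f "$tmp"
```

Review the hardened copy before installing it over /etc/inetd.conf; the change takes effect only after the inetd process is restarted.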

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Family: Service detection

Nessus Plugin ID: 10245

Bugtraq ID:

CVE ID: CVE-1999-0651
