CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
95.8%
Added: 01/25/2013
CVE: CVE-1999-0515
The **rsh**
service allows remote users, using an **rsh**
client, to execute individual shell commands on an **rsh**
server without the need for a password. The **rsh**
process uses the .rhosts file to list trusted hosts (those machines allowed to use the service).
CVE-1999-0515: The root user account on the target trusts every host and, as a result, a malicious superuser on an arbitrary host can gain access as root. Once inside, the intruder can replace system programs or configuration files (such as the password file) and take over the machine.
CVE-2012-6392: A specific case of the rsh excessive trust vulnerability. Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands with the permissions of the root user via a crafted session on port 514/tcp.
Remove the wildcard (+) from the /etc/hosts.equiv file and the .rhosts file in the root user’s home directory. Ensure that these files contain only trustworthy hosts.
If the successfuly targeted machine is running Cisco Prime LMS, upgrade to version 4.2.3 or higher, or apply the appropriate patch as described in Cisco Security Advisory cisco-sa-20130109-lms.
<http://www.porcupine.org/satan/demo/docs/admin_guide_to_cracking.html#remote-shell-access>
<http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms>
<http://www.securityfocus.com/bid/57221>
<http://www.osvdb.org/show/osvdb/89112>
Linux
Unix