nt.rsh.rcp.txt

17 Aug 1999 00:00:00 | Reported by Packet Storm | Type: packetstorm | Source: packetstormsecurity.com

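The rsh and rcp clients included with Windows NT run without special privileges, so the client username they send can be faked. UNIX systems that still run rshd and trust those clients through .rhosts are exposed.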

Code
`Date: Thu, 8 Apr 1999 19:11:54 -0700  
From: Eric Gisin <[email protected]>  
To: [email protected]  
Subject: rsh/rcp is not secure  
  
This is really a UNIX rshd bug, but it affects users of the NT clients.  
  
It's old news that the BSD rsh/rcp services are not secure, however rshd is  
still enabled in many UNIX systems. There are rsh/rcp clients in Windows  
NT, and people are not aware of the ease of defeating security in this  
environment.  
  
The security of this service is based on privileged ports, which are not  
widely implemented. The NT versions of rcp/rsh have no special privileges  
like the UNIX versions. Anyone can modify the source or use netcat to fake  
the client username. For example,  
D:> nc -v unixhost 514 -p 666  
^@newbie^@newbie^@chmod a= .^@  
This will execute the chmod command under newbie's account, if he permits  
access from that client machine in .rhosts.  
  
Basically the problem is since Windows NT includes rsh/rcp, people assume  
it's as secure as the UNIX counterpart, which is not the case.  
  
--------------------------------------------------------------------------  
  
Date: Fri, 9 Apr 1999 09:28:04 -0700  
From: David LeBlanc <[email protected]>  
To: [email protected]  
Subject: Re: rsh/rcp is not secure  
  
At 07:11 PM 4/8/99 -0700, Eric Gisin wrote:  
  
>Basically the problem is since Windows NT includes rsh/rcp, people assume  
>it's as secure as the UNIX counterpart, which is not the case.  
  
The UNIX counterpart isn't really all that secure in any case - it assumes  
that no one on the network can be root, and so come from a low port.  
  
Something else to think about is that running a rshd on NT isn't usually a  
good idea - several implementations run everything as LocalSystem, and the  
ones that don't store live user passwords.  
  
These utilities are full of other security holes - look at the checks in  
the various scanning products for some examples. Safest thing is just not  
to run rsh, rlogin and rexec.  
  
  
David LeBlanc  
[email protected]  
`
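
An added example, not part of the original posts: both messages tie the exposure to a running rshd and to `.rhosts` entries, so a host audit can list the two together. The file contents are constructed samples, and the inetd.conf layout, the daemon paths and the host name `ntclient.example.com` are assumptions.

```python
# Added audit sketch; sample file contents are constructed.
R_SERVICES = {"exec": 512, "login": 513, "shell": 514}  # inetd names -> TCP port

def enabled_r_services(inetd_conf):
    """Return the r-services that have an active (uncommented) inetd.conf entry."""
    found = []
    for line in inetd_conf.splitlines():
        fields = line.split()
        # inetd.conf columns: service socket-type protocol wait user program args
        if len(fields) >= 6 and fields[0] in R_SERVICES and fields[2].startswith("tcp"):
            found.append(fields[0])
    return found

def audit_rhosts(owner, rhosts):
    """Return (owner, entry, reason) for every trust entry in one .rhosts file."""
    findings = []
    for line in rhosts.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        host = parts[0]
        user = parts[1] if len(parts) > 1 else owner  # no user field: same name as owner
        if "+" in (host, user):
            reason = "wildcard entry: trust is not limited to one host and user"
        else:
            reason = f"accepts user name '{user}' as asserted by client {host}"
        findings.append((owner, " ".join(parts), reason))
    return findings

SAMPLE_INETD = """\
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root  /usr/sbin/in.ftpd     in.ftpd
shell   stream  tcp  nowait  root  /usr/sbin/in.rshd     in.rshd
#login  stream  tcp  nowait  root  /usr/sbin/in.rlogind  in.rlogind
exec    stream  tcp  nowait  root  /usr/sbin/in.rexecd   in.rexecd
"""
SAMPLE_RHOSTS = "ntclient.example.com newbie\n+ +\n"  # constructed ~newbie/.rhosts

if __name__ == "__main__":
    services = enabled_r_services(SAMPLE_INETD)
    print("enabled r-services:", services)
    if "shell" in services:  # rshd is the daemon that consults .rhosts for rsh/rcp
        for owner, entry, reason in audit_rhosts("newbie", SAMPLE_RHOSTS):
            print(f"~{owner}/.rhosts: {entry!r}: {reason}")
```

Every entry it reports is a host whose claim about the client user name rshd will accept, which is the trust the first message shows to be unfounded for NT clients.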
