remote command execution in rug

2006-05-31T18:59:25
ID SUSE-SA:2006:029
Type suse
Reporter Suse
Modified 2006-05-31T18:59:25

Description

Red Carpet allows remote administration of systems: the server side runs the rc daemon (rcd), which accepts SSL-encrypted commands from clients. The command-line tool rug is one such client. rug does not verify the SSL certificate presented by the server, so an attacker positioned between client and server can impersonate rcd. From that man-in-the-middle position the attacker can read the traffic and inject commands into the session, which is what makes this a remote command execution issue rather than a mere confidentiality problem.
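The failure described above, a TLS client that encrypts but never checks who it is talking to, next to the configuration that closes the hole. This is an added Python example and is not code from the advisory, from rug or from rcd; the function names are hypothetical, and the fingerprint-pinning helpers assume (an assumption, not something the advisory states) that an rcd server may present a self-signed certificate that cannot be validated through a CA.

```python
import hashlib
import socket
import ssl


def vulnerable_client_context():
    """TLS client context with the weakness rug had: the session is
    encrypted, but any certificate is accepted, so whoever sits between
    client and server can present their own key and impersonate the server."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # check_hostname must be cleared before verify_mode can be set to
    # CERT_NONE (Python raises ValueError otherwise); the two go together.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(cafile=None):
    """Client context that refuses a server it cannot verify.

    cafile is a PEM file holding the CA certificate (or the self-signed
    server certificate itself) the rcd server is expected to present;
    with cafile=None the system trust store is used.
    """
    # create_default_context() sets CERT_REQUIRED and check_hostname=True.
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_client_context(ctx):
    """Return the settings of a client context that permit a man-in-the-middle."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("server certificate is not required (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        problems.append("certificate is not matched against the host name")
    return problems


def cert_fingerprint(der_cert):
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def peer_is_pinned(der_cert, pinned_fingerprints):
    """True if der_cert matches one of the pinned SHA-256 fingerprints.
    Accepts the 'AB:CD:...' form printed by openssl x509 -fingerprint."""
    normalized = {f.lower().replace(":", "") for f in pinned_fingerprints}
    return cert_fingerprint(der_cert) in normalized


def connect_pinned(host, port, pinned_fingerprints):
    """Connect to a server whose certificate is self-signed and therefore
    cannot be chained to a CA, pinning its fingerprint instead.

    Verification is disabled at the TLS layer, so the pin check below is
    the only thing standing between the client and a man-in-the-middle:
    nothing may be sent before it passes.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    sock = socket.create_connection((host, port))
    tls = ctx.wrap_socket(sock, server_hostname=host)
    # binary_form=True returns the DER certificate even with CERT_NONE.
    der = tls.getpeercert(binary_form=True)
    if not peer_is_pinned(der, pinned_fingerprints):
        tls.close()
        raise ssl.SSLError("server certificate does not match any pinned fingerprint")
    return tls


# Constructed stand-in for a DER certificate (not a real certificate), used
# only to exercise the pinning helpers offline.
SAMPLE_DER = b"\x30\x82\x01\x00constructed-sample-not-a-real-cert"

if __name__ == "__main__":
    print("vulnerable:", audit_client_context(vulnerable_client_context()))
    print("hardened:  ", audit_client_context(hardened_client_context()))
    print("pinned?    ", peer_is_pinned(SAMPLE_DER, [cert_fingerprint(SAMPLE_DER)]))
```

The audit function is the check to run against any TLS client wrapper: a context with CERT_NONE or check_hostname=False is exactly the rug situation, whatever the transport is called. Pinning is only appropriate where the server's certificate is self-signed and administered by the same people who run the client; where a CA is available, hardened_client_context() is the simpler and safer choice.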

Solution

No work-around is known for the man-in-the-middle attack. Independently of it, the permissions of the rug configuration file can be tightened as root using the chmod(1) command.