remote command execution in rug

ID SUSE-SA:2006:029
Type suse
Reporter Suse
Modified 2006-05-31T18:59:25


RedCarpet allows the remote administration of systems by running the rc daemon (rcd) on the server side to accept SSL-encrypted commands from the client. The tool rug is such a client application and can be run from the command line. The client does not verify the SSL certificates received from the server and is therefore vulnerable to a man-in-the-middle attack, which allows an attacker to read the traffic and to insert commands.
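The following is an added illustration, not code from rug or rcd: it shows, with Python's `ssl` module, what a client that skips certificate checks looks like next to a client that validates the chain and the hostname, plus a small audit function a reviewer can run over a context to catch the weak setting. The function and host names are constructed for the example.

```python
import socket
import ssl
from typing import List, Optional


def insecure_client_context() -> ssl.SSLContext:
    """Constructed example of the behaviour the advisory describes: the client
    accepts whatever certificate the server presents. Anyone who can intercept
    the connection can present their own certificate and read or alter commands."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # no chain validation at all
    return ctx


def hardened_client_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """What an SSL client should do: require a server certificate, validate its
    chain against a trust store (the system store, or a pinned CA file such as
    the one rcd's own CA would be kept in) and match the hostname."""
    # create_default_context sets CERT_REQUIRED and check_hostname=True.
    return ssl.create_default_context(cafile=cafile)


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return findings for a client context; an empty list means the peer is verified."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: server certificate chain is not validated")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: certificate is not matched against the server name")
    return findings


def open_rcd_connection(host: str, port: int, ctx: ssl.SSLContext) -> ssl.SSLSocket:
    """Wrap a TCP connection with the given context. server_hostname is what the
    hostname check compares against; omitting it would silently weaken a hardened
    context. Not exercised offline; rcd's real port and protocol are not assumed here."""
    raw = socket.create_connection((host, port))
    return ctx.wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_client_context()),
                      ("hardened", hardened_client_context())):
        print(name, audit_context(ctx) or ["ok"])
```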


No work-around is known for the man-in-the-middle attack. The permissions of the configuration file can be changed using the chmod(1) command as root.