Rexd running

Risk Level: High

Check or Attack Name: rexd

Platforms: Unix, Solaris: 2.5.1

Description:

Some versions of the rexd daemon allow remote attackers to gain unprivileged remote access.

Remedy:

Disable the rexd daemon by commenting it out from the inetd.conf file and restarting the inetd process. If rexd services are required for your configuration, apply the patches provided by your vendor.

Hewlett-Packard (HP-UX) all versions: Add the -r option to the rpc.rexd entry in the /etc/inetd.conf file.
rpc stream tcp nowait root /usr/etc/rpc.rexd 100017 1 rpc.rexd -r
This option specifies that only hosts listed in /etc/hosts.equiv are permitted to use rexd.

IBM AIX 3.1 and 3.2: Install APAR IX21353
AIX 3.2.5 or AIX 4.1: rexd is disabled by default when shipped, and should remain disabled.
IBM patches are located at http://service.software.ibm.com/support/rs6000. Type the APAR number to obtain information or the patch.

NeXT NeXTstep 2.0 and 2.1: Disable rexd.

SGI IRIX 4.x, 5.x, 6.x: Disable rexd. rexd is inappropriate on systems directly exposed to the Internet.
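
The check behind this remedy, as an added example that is not part of the original advisory: a shell script that classifies rexd entries in an inetd.conf-style file and emits a copy with the active ones commented out. The function names and the sample file are constructed for illustration; the rexd entry is the HP-UX line quoted above.

```shell
#!/bin/sh
# Added example: audit rexd entries in an inetd.conf-style file.
# Function names and the sample file are constructed for illustration.

# Write a constructed sample config to the path given as $1.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real host configuration
ftp stream tcp nowait root /usr/sbin/ftpd ftpd
rpc stream tcp nowait root /usr/etc/rpc.rexd 100017 1 rpc.rexd
rpc stream tcp nowait root /usr/etc/rpc.rexd 100017 1 rpc.rexd -r
#rpc stream tcp nowait root /usr/etc/rpc.rexd 100017 1 rpc.rexd
EOF
}

# Print "<status> <line number>" for every line that mentions rexd:
#   DISABLED   entry is commented out
#   RESTRICTED entry is active but carries the HP-UX -r option
#   ACTIVE     entry is active with no restriction
audit_rexd() {
    awk '
        /rexd/ {
            status = "ACTIVE"
            for (i = 1; i <= NF; i++) if ($i == "-r") status = "RESTRICTED"
            if ($0 ~ /^[ \t]*#/) status = "DISABLED"
            print status, NR
        }' "$1"
}

# Emit a copy of the file with every active rexd entry commented out.
# The original is left untouched so the change can be reviewed first;
# inetd still has to be restarted after the edited file is installed.
disable_rexd() {
    awk '/rexd/ && !/^[ \t]*#/ { print "#" $0; next } { print }' "$1"
}

# Demo on the constructed sample.
sample="${TMPDIR:-/tmp}/inetd.conf.sample.$$"
write_sample "$sample"
echo "before:"; audit_rexd "$sample"
disable_rexd "$sample" > "$sample.fixed"
echo "after:";  audit_rexd "$sample.fixed"
rm -f "$sample" "$sample.fixed"
```

Any line reported as ACTIVE is an unrestricted rexd service; RESTRICTED lines still run rexd and apply only where the vendor supports the -r option.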

References:

CERT Advisory CA-91.06, NeXT rexd, /private/etc, Username me Vulnerabilities, http://www.cert.org/advisories/CA-91.06.NeXTstep.vulnerability.html

CERT Advisory CA-92.05, AIX REXD Daemon Vulnerability, http://www.cert.org/advisories/CA-92.05.AIX.REXD.Daemon.vulnerability.html

CIAC Information Bulletin C-21, AIX REXD Daemon Vulnerability, http://ciac.llnl.gov/ciac/bulletins/c-21.shtml

