ID CVE-1999-0651
Summary The rsh/rlogin service is running.
References
Vulnerable Configurations
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
metasploit via4
nessus via4
  • NASL family Service detection
    NASL id RSH.NASL
    description The rsh service is running on the remote host. This service is vulnerable since data is passed between the rsh client and server in cleartext. A man-in-the-middle attacker can exploit this to sniff logins and passwords. Also, it may allow poorly authenticated logins without passwords. If the host is vulnerable to TCP sequence number guessing (from any network) or IP spoofing (including ARP hijacking on a local network) then it may be possible to bypass authentication. Finally, rsh is an easy way to turn file-write access into full logins through the .rhosts or rhosts.equiv files.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 10245
    published 1999-08-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10245
    title rsh Service Detection
  • NASL family Service detection
    NASL id RLOGIN.NASL
    description The rlogin service is running on the remote host. This service is vulnerable since data is passed between the rlogin client and server in cleartext. A man-in-the-middle attacker can exploit this to sniff logins and passwords. Also, it may allow poorly authenticated logins without passwords. If the host is vulnerable to TCP sequence number guessing (from any network) or IP spoofing (including ARP hijacking on a local network) then it may be possible to bypass authentication. Finally, rlogin is an easy way to turn file-write access into full logins through the .rhosts or rhosts.equiv files.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 10205
    published 1999-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=10205
    title rlogin Service Detection
Last major update 20-10-2005 - 00:00
Published 01-01-1999 - 00:00
Back to Top