Tutorial - Rusersd Vulnerability
Rusersd Vulnerability
Summary
The rusersd process provides a list of users logged on to the computer in
a format similar to the local "w" command. This information may be valuable
to the hacker since it gives hime positive evidence of user activity.
Normally, the hacker would wait until everyone is looged off before we "goes
to work".
Impact
The rusersd program can be a valuable tool since it informs him when
"nobody is around".
The Problem
The rusersd program provides useful information to the hacker in the
form of
- when activity is at a low point where the chances of being caught
are minimized
- providing information on valid user names
- getting information while minimizing the chances of getting caught.
Resolution
This vulnerability can be eliminated by:
- Eliminating this service by modifying the inetd configuration file
or
- removing a standalone daemon by editing the appropriate /etc/rc.d/S*
file.
CVE References(s):