Remote Shell on the Internet
Summary
This vulnerability allows for remote shell/remote login access from arbitrary hosts.
Impact
The machine can be taken over by any malicious (super) user on the network. In other words,
depending on the configuration of the target system, a malicious user will be able to logon to the target
without a password. Once logged in, the user can replace/delete important system programs and/or
configuration files and generally wreak havoc on the target system.
The Problem
When the remote login/remote shell service trusts every host on the
network, a malicious superuser on an arbitrary host can gain access as
any user (except perhaps root). Once inside, the intruder
can replace system programs or configuration files (such as the
password file) and take over the machine.
In addition, there are guest or administrative accounts that might not
have passwords protecting the account, which allows anyone to remotely
login as that user and gain access to the host.
Resolution
Remove the wildcard (+) from the /etc/hosts.equiv file. Be careful with
the use of the -@group netgroup feature, as there are many
incorrect implementations. Also, delete or disable any accounts without a password from the system or
NIS password file.
Another fix is to give system accounts such as bin and daemon a
non-functional shell (such as /bin/false) and put them in
the /etc/ftpusers file so they cannot use FTP.
To help limit access to vulnerable services on your network, you should use
TCP wrappers.
Where can I read more about this?
See the
Admin
Guide to Cracking for an example of why this vulnerability is a problem.