Rexec Service contents.gifindex.gif

Rexec Service

The rexec service has been found. This service allows a user to execute commands remotely, and typically requires that user names and passwords be passed in clear text across the network. Under Windows NT, the Ataman version of this service writes errors to the application log. The application log is readable by any user with permission to access the computer from the network, which could potentially report details about why a given user was unable to log in.

Risk: Low

OS Vulnerable: UNIX, Windows NT

Fix: Comment out rexec from inetd.conf, or under Windows NT open Control Panel, Services to disable the service.