CVE-1999-0651

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Tags: network, low complexity, nessus, metasploit

Summary
The rsh/rlogin service is running.
Metasploit
description: This module will test an rexec service on a range of machines and report successful logins. NOTE: This module requires access to bind to privileged ports (below 1024).
id: MSF:AUXILIARY/SCANNER/RSERVICES/REXEC_LOGIN
last seen: 2020-03-09
modified: 2018-12-12
published: 2010-11-23
references: none listed
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/rservices/rexec_login.rb
title: rexec Authentication Scanner

description: This module will test an rlogin service on a range of machines and report successful logins. NOTE: This module requires access to bind to privileged ports (below 1024).
id: MSF:AUXILIARY/SCANNER/RSERVICES/RLOGIN_LOGIN
last seen: 2019-11-29
modified: 2018-12-12
published: 2010-11-23
references: none listed
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/rservices/rlogin_login.rb
title: rlogin Authentication Scanner

description: This module will test a shell (rsh) service on a range of machines and report successful logins. NOTE: This module requires access to bind to privileged ports (below 1024).
id: MSF:AUXILIARY/SCANNER/RSERVICES/RSH_LOGIN
last seen: 2020-03-12
modified: 2018-12-12
published: 2010-11-23
references: none listed
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/rservices/rsh_login.rb
title: rsh Authentication Scanner

Nessus
NASL family: Service detection
NASL id: RLOGIN.NASL
description: The rlogin service is running on the remote host. This service is vulnerable since data is passed between the rlogin client and server in cleartext. A man-in-the-middle attacker can exploit this to sniff logins and passwords. Also, it may allow poorly authenticated logins without passwords. If the host is vulnerable to TCP sequence number guessing (from any network) or IP spoofing (including ARP hijacking on a local network) then it may be possible to bypass authentication. Finally, rlogin is an easy way to turn file-write access into full logins through the .rhosts or rhosts.equiv files.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 10205
published: 1999-08-30
reporter: This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/10205
title: rlogin Service Detection

NASL family: Service detection
NASL id: RSH.NASL
description: The rsh service is running on the remote host. This service is vulnerable since data is passed between the rsh client and server in cleartext. A man-in-the-middle attacker can exploit this to sniff logins and passwords. Also, it may allow poorly authenticated logins without passwords. If the host is vulnerable to TCP sequence number guessing (from any network) or IP spoofing (including ARP hijacking on a local network) then it may be possible to bypass authentication. Finally, rsh is an easy way to turn file-write access into full logins through the .rhosts or rhosts.equiv files.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 10245
published: 1999-08-22
reporter: This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/10245
title: rsh Service Detection