PASS TO SITE/FACILITY/COMMAND INFORMATION SYSTEM SECURITY OFFICER {ISSO}, SPECIAL SECURITY OFFICER {SSO}, INFORMATION RESOURCE MANAGER {IRM} AND AUTOMATED DATA PROCESSOR {ADP} COORDINATORS

U-1,368/DS-SIM {CSG}

SUBJECT: AIX REXD DAEMON VULNERABILITY {ASSIST 92-61}

/DS-SIM(DCPO)

1. {U} DISCUSSION: ASSIST HAS RECEIVED INFORMATION CONCERNING A VULNERABILITY WITH THE REXD DAEMON IN VERSIONS 3.1 AND 3.2 OF AIX FOR IBM RS/6000 MACHINES. IN CERTAIN CONFIGURATIONS, PARTICULARLY IF NFS IS INSTALLED, THE REXD (RPC REMOTE PROGRAM EXECUTION) DAEMON IS ENABLED. IF A SYSTEM ALLOWS REXD CONNECTIONS, ANYONE ON THE NETWORK CAN GAIN ACCESS TO THE SYSTEM AS A USER OTHER THAN ROOT. NOTE: INSTALLING NFS WITH THE CURRENT VERSIONS OF "MKNFS" WILL RE-ENABLE REXD EVEN IF IT WAS PREVIOUSLY DISABLED.

2. {U} RECOMMENDATIONS: IBM IS AWARE OF THE PROBLEM AND IT WILL BE FIXED IN FUTURE UPDATES TO AIX 3.1 AND 3.2. SITES MAY CALL IBM SUPPORT (800-237-5511) AND ASK FOR THE PATCH FOR APAR IX21353. PATCHES MAY BE OBTAINED OUTSIDE THE U.S. BY CONTACTING YOUR LOCAL IBM REPRESENTATIVE. THE FIX FOR THIS PROBLEM IS ALSO PROVIDED BELOW.

3. {U} ASSIST RECOMMENDS THE FOLLOWING ACTIONS BE TAKEN IMMEDIATELY AND ALSO WHENEVER "MKNFS" IS RUN.

A. BE SURE THE REXD LINE IN /ETC/INETD.CONF IS COMMENTED OUT BY HAVING A '#' AT THE BEGINNING OF THE LINE:

    #REXD SUNRPC_TCP TCP WAIT ROOT /USR/ETC/RPC.REXD REXD 100017 1

B. REFRESH INETD BY RUNNING THE FOLLOWING COMMAND AS ROOT:

    REFRESH -S INETD

4. {U} POINT OF CONTACT: ASSIST POINT OF CONTACT FOR THIS MATTER IS MIKE HIGGINS, COMM {202} 373-8852/55 OR DSN 243-8852/55. ASSIST CAN BE REACHED 24 HOURS PER DAY, COMMERCIAL PAGER {800} SKY-PAGE, PIN NUMBER 2133937 {FROM A TOUCH TONE PHONE ENTER THE CALL BACK NUMBER AFTER THE PROMPT} OR AUTOVON DIAL 243-8000 AND ASK TO HAVE THE ASSIST DUTY OFFICER PAGED.
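
Steps 3.A and 3.B as a repeatable check that can be rerun each time "MKNFS" has been run. This is an added example, not part of the ASSIST bulletin; file and command names are written in the lower case the system uses, and the function names and sample inetd.conf content are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the bulletin. Function names are hypothetical.

# rexd_enabled FILE: succeeds if FILE has an active (uncommented) rexd entry.
rexd_enabled() {
    grep -Eq '^[[:space:]]*rexd[[:space:]]' "$1"
}

# disable_rexd FILE: comment out active rexd entries, keeping a backup copy.
# Returns 0 if the file was changed, 1 if nothing to do, 2 on error.
disable_rexd() {
    rexd_enabled "$1" || return 1
    cp -p "$1" "$1.pre-rexd" || return 2
    sed 's/^[[:space:]]*rexd[[:space:]]/#&/' "$1.pre-rexd" > "$1" || return 2
}

# harden_rexd [FILE]: step A on FILE, then step B (refresh inetd) only when
# the live /etc/inetd.conf was changed and the AIX refresh command exists.
harden_rexd() {
    conf=${1:-/etc/inetd.conf}
    rc=0
    disable_rexd "$conf" || rc=$?
    case $rc in
        0) echo "rexd was ENABLED in $conf; entry commented out"
           if [ "$conf" = /etc/inetd.conf ] && command -v refresh >/dev/null 2>&1
           then refresh -s inetd; fi ;;
        1) echo "rexd already disabled in $conf" ;;
        *) echo "could not edit $conf" >&2; return 2 ;;
    esac
}

# demo_rexd: run the check against a constructed inetd.conf, as it would look
# after mknfs re-enabled the service (sample content, not from a real host).
demo_rexd() {
    tmp=$(mktemp -d) || return 2
    printf '%s\n' \
        'ftp     stream  tcp     nowait  root    /etc/ftpd       ftpd' \
        'rexd    sunrpc_tcp      tcp     wait    root    /usr/etc/rpc.rexd rexd 100017 1' \
        '#rstatd sunrpc_udp      udp     wait    root    /usr/etc/rpc.rstatd rstatd 100001 1-3' \
        > "$tmp/inetd.conf"
    harden_rexd "$tmp/inetd.conf"    # first run: comments the entry out
    harden_rexd "$tmp/inetd.conf"    # second run: nothing left to do
    grep -c '^#rexd' "$tmp/inetd.conf"
    rm -rf "$tmp"
}
```

Calling `harden_rexd` with no argument as root acts on /etc/inetd.conf; `demo_rexd` exercises the same logic on the constructed sample without touching the host.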