REXD remote access from arbitrary hosts.
A remote intruder can execute commands as any user.
The rexd service and the on client program
implement remote command execution via the network. To the extent that
it is possible, the complete client environment, including working
directory and environment variables, is made available on the remote
A request for remote command execution contains, among others, the
command to be executed, and a user and group id. By default, the rexd
server believes everything that the client sends it. An intruder can
exploit the service to execute commands as any user (except perhaps
root). The typical rexd server has no protection against
abuse: most implementations have no provision for access control, nor
do they require that the client uses a privileged network port.
- Disable the rexd service. Usually this is accomplished by editing
the inetd.conf file, and by sending a HUP signal to the
- Some rexd implementations can be configured to use a more secure
protocol. Consult your manual pages for details.