The rusersd process provides a list of users logged on to the computer in
a format similar to the local "w" command. This information may be valuable
to the hacker since it gives hime positive evidence of user activity.
Normally, the hacker would wait until everyone is looged off before we "goes
The rusersd program can be a valuable tool since it informs him when
"nobody is around".
The rusersd program provides useful information to the hacker in the
- when activity is at a low point where the chances of being caught
- providing information on valid user names
- getting information while minimizing the chances of getting caught.
This vulnerability can be eliminated by:
- Eliminating this service by modifying the inetd configuration file
- removing a standalone daemon by editing the appropriate /etc/rc.d/S*