CCE-92009-0| Platform: cpe:/o:ubuntu:ubuntu_linux:16.04 | Date: (C)2018-07-09 (M)2023-07-04 |
The rsh package contains the client commands for the rsh services.
Rationale:
These legacy clients contain numerous security exposures and have been replaced with the more secure SSH package. Even if the server is removed, it is best to ensure the clients are also removed to prevent users from inadvertently attempting to use these commands and therefore exposing their credentials. Note that removing the rsh package removes the clients for rsh, rcp and rlogin.
Parameter:
[no/yes]
Technical Mechanism:
Uninstall the rsh-client and rsh-reload-client packages:
# apt-get purge rsh-client rsh-reload-client
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 8.4 | Attack Vector: LOCAL |
| Exploit Score: 2.5 | Attack Complexity: LOW |
| Impact Score: 5.9 | Privileges Required: NONE |
| Severity: HIGH | User Interaction: NONE |
| Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| | Confidentiality: HIGH |
| | Integrity: HIGH |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:46270 |
