CCE-94416-5| Platform: cpe:/o:oracle:linux:8, cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:enterprise_linux:9 | Date: (C)2019-11-07 (M)2023-07-04 |
The 'rsh' package contains the client commands
for the rsh services
Parameter:
[no/yes]
Technical Mechanism:
These legacy clients contain numerous security exposures and have
been replaced with the more secure SSH package. Even if the server is removed,
it is best to ensure the clients are also removed to prevent users from
inadvertently attempting to use these commands and therefore exposing
their credentials. Note that removing the 'rsh' package removes
the clients for 'rsh','rcp', and 'rlogin'.
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 4.3 | Attack Vector: ADJACENT_NETWORK |
| Exploit Score: 2.8 | Attack Complexity: LOW |
| Impact Score: 1.4 | Privileges Required: NONE |
| Severity: MEDIUM | User Interaction: NONE |
| Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | Scope: UNCHANGED |
| | Confidentiality: LOW |
| | Integrity: NONE |
| | Availability: NONE |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:55808 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:84095 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72220 |
