REXEC is often confused with the other r services. However, it bears no relationship to them. REXEC runs on TCP port 512. UNIX distributions often ship without an REXEC client program; for some, this makes the service all the more mysterious.

The REXEC protocol is predominantly used by application programmers to remotely connect to a UNIX system, run a command, and exit. They do this via the REXEC library call. REXEC uses standard username and password authentication. All communications are sent in clear text between client and server.

REXEC Risks

· Brute-force login attempts might go unnoticed, as the REXEC daemon performs pitiful logging.
· Communications are unencrypted, so all the MITM, active, and passive attacks apply.
· There is no access control built into REXEC. Beyond disabling the service or using third-party software, you cannot define which users can use the service. Therefore a user who normally logs in via a secure protocol could end up inadvertently sending his password (and more) across the network in plaintext, simply by using a client application that relies on REXEC.
· Some REXEC daemons produce a different error message to a client, depending on whether the username or password was incorrect. This behavioral difference permits attackers to ascertain valid usernames. Again, your system is disclosing information.

Securing REXEC

· Disable REXEC. If client applications rely upon it, figure out a migration path away and then disable it.
· If disabling is not an option, consider using SSH to tunnel the protocol. SSH provides remote terminal access.
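To confirm the "Disable REXEC" step on a host, the following added example (not part of the original article) checks inetd and xinetd configuration for an enabled REXEC entry. It assumes the service is registered under the conventional name "exec" and that the configuration lives in /etc/inetd.conf and /etc/xinetd.d; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes REXEC is registered
# under the conventional service name "exec" (TCP 512) in inetd or xinetd.
# Usage: sh rexec_audit.sh /etc/inetd.conf /etc/xinetd.d

# Succeeds if FILE (inetd.conf format) has an uncommented exec/tcp entry.
inetd_rexec_enabled() {
    [ -r "$1" ] || return 1
    awk '/^[ \t]*#/ { next }
         ($1 == "exec" || $1 == "512") && $3 ~ /^tcp/ { found = 1 }
         END { exit !found }' "$1"
}

# Succeeds if FILE (xinetd format) has a "service exec" block that is not
# turned off with "disable = yes"; xinetd treats a missing "disable" as enabled.
xinetd_rexec_enabled() {
    [ -r "$1" ] || return 1
    awk '{ sub(/#.*/, ""); gsub(/=/, " = ") }
         $1 == "service" { in_exec = ($2 == "exec"); off = 0 }
         in_exec && $1 == "disable" && $3 == "yes" { off = 1 }
         index($0, "}") { if (in_exec && !off) enabled = 1; in_exec = 0 }
         END { exit !enabled }' "$1"
}

# rexec_audit INETD_CONF XINETD_DIR: print each file that enables REXEC and
# return the number of findings (0 means the service is disabled everywhere).
rexec_audit() {
    findings=0
    if inetd_rexec_enabled "$1"; then
        echo "REXEC enabled: $1"; findings=$((findings + 1))
    fi
    for f in "$2"/*; do
        if xinetd_rexec_enabled "$f"; then
            echo "REXEC enabled: $f"; findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample configuration for a dry run: a commented-out inetd
# entry, one xinetd file with the service on and one with it switched off.
make_sample() {
    mkdir -p "$1/xinetd.d"
    echo '#exec stream tcp nowait root /usr/sbin/in.rexecd in.rexecd' > "$1/inetd.conf"
    printf 'service exec\n{\n\tdisable = no\n\tserver = /usr/sbin/in.rexecd\n}\n' > "$1/xinetd.d/rexec"
    printf 'service exec\n{\n\tdisable=yes # migrated to ssh\n}\n' > "$1/xinetd.d/rexec.off"
}

if [ "$#" -ge 2 ]; then rexec_audit "$1" "$2"; fi
```

A clean configuration does not prove that nothing is listening on port 512, so pair this with a check of the host's listening sockets.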