Linux r-command Services Disabled Vulnerability

Vulnerability Information

Vulnerability name: Linux r-command Services Disabled Vulnerability

Vulnerability type: Configuration issue

Severity: High

Description: This vulnerability concerns the r-command services (rlogin, rsh and rexec) on Linux systems that have not been properly disabled. The r-commands are a family of legacy network services for remote login and remote command execution; their design lacks adequate security and they have been superseded by modern security practice. If these services are enabled, an attacker may gain unauthorized access to the system through the open ports, extract sensitive information, or damage the system. The technical root cause is that the system administrator did not follow security best practice and failed to disable these unnecessary services, exposing the system to potential attack. This configuration issue can lead to serious security risks, including but not limited to information disclosure, service interruption and even remote code execution. Because these services can typically be used without authentication, attackers can exploit them relatively easily in automated attacks. Therefore, unless there is an explicit business need, these services should be disabled to protect the system.

Product: Linux

Source: https://github.com/projectdiscovery/nuclei-templates/blob/dfc176303ffebe3d9f231045fa3abe2cf2ca9874/misconfiguration%2Flinux%2Flinux-r-command-services-disabled.yaml

Type: projectdiscovery/nuclei-templates: GitHub issues

PoC details


id: linux-r-command-services-disabled

info:
  name: r-command Services Disabled (rlogin, rsh, rexec)
  author: songyaeji
  severity: high
  description: >
    If r-command services (rlogin, rsh, rexec) are enabled, unauthorized users may access or extract sensitive information,
    or disrupt the system through open ports. These legacy services should be disabled unless explicitly required.
  reference:
    - https://isms.kisa.or.kr
    - Cloud Vulnerability Assessment Guide(2024) by KISA
  tags: linux,misconfiguration,rlogin,rsh,rexec,xinetd
  metadata:
    verified: true
    os: linux
    category: configuration
    max-request: 1
  classification:
    cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 7.8
    cwe-id: CWE-284

self-contained: true

code:
  - engine:
      - bash
    source: |
      # Each check is non-empty only when the xinetd service file contains "disable = no"
      rlogin_check=$(grep -i 'disable[[:space:]]*=[[:space:]]*no' /etc/xinetd.d/rlogin 2>/dev/null)
      rsh_check=$(grep -i 'disable[[:space:]]*=[[:space:]]*no' /etc/xinetd.d/rsh 2>/dev/null)
      rexec_check=$(grep -i 'disable[[:space:]]*=[[:space:]]*no' /etc/xinetd.d/rexec 2>/dev/null)

      if [ -n "$rlogin_check" ]; then
        echo "[VULNERABLE] rlogin service is enabled"
      fi
      if [ -n "$rsh_check" ]; then
        echo "[VULNERABLE] rsh service is enabled"
      fi
      if [ -n "$rexec_check" ]; then
        echo "[VULNERABLE] rexec service is enabled"
      fi

      if [ -z "$rlogin_check" ] && [ -z "$rsh_check" ] && [ -z "$rexec_check" ]; then
        echo "[SAFE] All r-command services are properly disabled"
      fi
    matchers:
      - type: word
        part: code_1_response
        words:
          - "[VULNERABLE]"
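The template above greps the three xinetd service files for "disable = no", which also matches a commented-out line and misses a service file with no "disable" line at all. The following POSIX shell function is an added example, not part of the nuclei template or the KISA guide: it performs the same audit over a directory of xinetd service files, skips comments and treats a missing "disable" attribute as enabled (xinetd's default). It assumes the defaults block of /etc/xinetd.conf does not itself set "disable = yes", and the sample service files are constructed.

```shell
#!/bin/sh
# Added example, not part of the nuclei template: list the r-command services
# that xinetd would start, given a directory of xinetd service files.
# Unlike a plain grep for "disable = no", this skips commented-out lines and
# treats a missing "disable" attribute as enabled, which is xinetd's default
# when the defaults block in /etc/xinetd.conf does not set disable = yes (assumed).
rcmd_enabled_services() {
    dir="$1"
    for svc in rlogin rsh rexec; do
        f="$dir/$svc"
        [ -f "$f" ] || continue        # no service file: xinetd has nothing to start
        # Strip comments, keep the last "disable = ..." line, normalise its value.
        val=$(sed -e 's/#.*//' "$f" \
              | grep -i '^[[:space:]]*disable[[:space:]]*=' \
              | tail -n 1 \
              | sed -e 's/.*=[[:space:]]*//' -e 's/[[:space:]]*$//' \
              | tr 'A-Z' 'a-z')
        case "$val" in
            yes) ;;                    # explicitly disabled
            *)   echo "$svc" ;;        # "no" or absent: service is enabled
        esac
    done
}

# Constructed sample service files covering the cases a plain grep gets wrong:
# rsh has only a commented-out "disable = no", rexec has no disable line at all.
demo_dir=$(mktemp -d)
printf 'service login\n{\n    disable = yes\n}\n' > "$demo_dir/rlogin"
printf 'service shell\n{\n    # disable = no\n    disable = yes\n}\n' > "$demo_dir/rsh"
printf 'service exec\n{\n    socket_type = stream\n}\n' > "$demo_dir/rexec"
enabled=$(rcmd_enabled_services "$demo_dir")
if [ -n "$enabled" ]; then
    echo "[VULNERABLE] enabled r-command services:"
    echo "$enabled"                    # prints: rexec
else
    echo "[SAFE] All r-command services are disabled"
fi
rm -rf "$demo_dir"
```

Point the function at the real directory (rcmd_enabled_services /etc/xinetd.d) to audit a host; an empty result means none of the three services would be started by xinetd.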


http://example.com/2025/07/31/github_601362900/
Author: lianccc
Published: 31 July 2025