Post new topic Reply to topic  [ 4 posts ] 
Author Message
 Post subject: Security scan fails: "The rsh service is running" on p143
PostPosted: 2009-08-26 12:48 
Normal user
User avatar

Joined: 2005-09-24 11:33
Posts: 56
My PCI-DSS compliance scan reported the following:

Quote:
Security warning found on port/service "imap (143/tcp)"

Plugin "rsh"

Category "Useless services "

Priority "Medium Priority "Synopsis : The rsh service is running. Description : The remote host is running the 'rsh' service. This service is dangerous in the sense that it is not ciphered - that is, everyone can sniff the data that passes between the rsh client and the rsh server. This includes logins and passwords. Also, it may allow poorly authenticated logins without passwords. If the host is vulnerable to TCP sequence number guessing (from any network) or IP spoofing (including ARP hijacking on a local network) then it may be possible to bypass authentication. Finally, rsh is an easy way to turn file-write access into full logins through the .rhosts or rhosts.equiv files. You should disable this service and use ssh instead.

Solution : Comment out the 'rsh' line in /etc/inetd.conf

The only thing that's got anything to do with port 143 on this box (to my knowledge) is hMailServer. Since we're in a Windows environment, telling me to tweak /etc/inetd.conf isn't terribly helpful. Is there something I could/should configure in hMS?

_________________
Windows 2008 Server Standard
IIS v7.0
hMailServer 5.2.1-B361 MS SQL
SQL Server 2008 Standard Edition


Top
 Profile  
 
 Post subject: Re: Security scan fails: "The rsh service is running" on p143
PostPosted: 2009-08-26 12:59 
Site Admin
User avatar

Joined: 2005-07-29 16:18
Posts: 13792
Location: UK
Thats the IMAP port, I'm pretty sure their wrong. I suggest you contact them and ask them what the hell they are on about.

_________________
If at first you don't succeed, bomb disposal probably isn't for you! ヅ


Top
 Profile  
 
 Post subject: Re: Security scan fails: "The rsh service is running" on p143
PostPosted: 2009-08-26 17:52 
Developer

Joined: 2003-11-21 01:09
Posts: 6403
Location: Sweden
Agree with ^Doom^. Most these tools report loads of false positives to be on the safe side. Most of them seems to be pretty stupid, as in this case where it tells you to modify a *nix file on your Windows system.


Top
 Profile  
 
 Post subject: Re: Security scan fails: "The rsh service is running" on p143
PostPosted: 2009-08-26 18:13 
Normal user
User avatar

Joined: 2005-09-24 11:33
Posts: 56
Unfortunately in this case they won't budge. Guess I'll just have to block IMAP access at the firewall and sneak around it with the VPN. Pain in the wotsit but there you have it.

Thanks for the feedback, at least I didn't waste time poking around the hMS config.

_________________
Windows 2008 Server Standard
IIS v7.0
hMailServer 5.2.1-B361 MS SQL
SQL Server 2008 Standard Edition


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 


Who is online

Users browsing this forum: No registered users and 2 guests



Search for:
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group