Intrusion Prevention

RSH.Root.Access

Description

This indicates a remote command execution using rsh as root.
The Remote Shell (rsh) is an application that executes shell commands as another user on another computer. It is an insecure protocol that sends information in plaintext over the network. Moreover, a lack-of-authorization vulnerability exists in Cisco Prime LAN Management Solution (LMS). LMS comes with the root and casuser user accounts enabled, either of which can execute commands on the LMS system with root privileges.
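
The check this signature describes can be sketched as a parser for the opening client message of an rsh session. This is an added example, not the vendor's signature logic. It assumes the BSD rshd message layout (stderr port, client user, server user, command, each NUL-terminated) and an already reassembled TCP payload; the function names and sample payloads are constructed for illustration.

```python
# Added example: parse the first client message of an rsh session and flag
# requests that ask to run as one of the accounts named in the description.
PRIVILEGED = {"root", "casuser"}  # accounts named in the description above
MAX_USER = 16  # assumption: rshd reads user names of at most 16 characters


def parse_rsh_request(payload: bytes):
    """Split the opening message into its four NUL-terminated fields.

    Returns a dict, or None if the payload is not a well-formed rsh request.
    """
    parts = payload.split(b"\0")
    # Four terminated fields yield at least five pieces after the split;
    # fewer means the request is truncated or is not rsh at all.
    if len(parts) < 5:
        return None
    port, client_user, server_user, command = parts[:4]
    # The stderr port is ASCII decimal, or empty when no stderr channel is used.
    if port and not port.isdigit():
        return None
    if not client_user or not server_user or not command:
        return None
    if len(client_user) > MAX_USER or len(server_user) > MAX_USER:
        return None
    return {
        "stderr_port": int(port) if port else 0,
        "client_user": client_user.decode("latin-1"),
        "server_user": server_user.decode("latin-1"),
        "command": command.decode("latin-1"),
    }


def alert_for(payload: bytes):
    """Return an alert string when the requested server-side user is privileged."""
    req = parse_rsh_request(payload)
    if req is None or req["server_user"] not in PRIVILEGED:
        return None
    return (f"rsh command as {req['server_user']} from client user "
            f"{req['client_user']}: {req['command']!r}")


# Constructed sample payloads (not captured traffic).
SAMPLES = [
    b"1022\0operator\0root\0uptime\0",
    b"\0operator\0casuser\0ls /tmp\0",
    b"1021\0operator\0backup\0df -h\0",
    b"GET / HTTP/1.1\r\n\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(alert_for(sample))
```
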

Affected Products

Cisco Systems Prime LAN Management Solution 4.2.2 for Linux
Cisco Systems Prime LAN Management Solution 4.2.1 for Linux
Cisco Systems Prime LAN Management Solution 4.2 for Linux
Cisco Systems Prime LAN Management Solution 4.1 for Linux

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Use SSH instead of rsh.
Apply the patch if Cisco Prime LMS is installed in your network.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms

CVE References

CVE-2012-6392