|
| TC: | 12004 | |
| Description: | uucp is the legacy UNIX file transfer utility on dial-up lines. It is possible to encapsulate uucp traffic over a TCP channel. However, uucp has now been made obsolete by other data transfer mechanisms (FTP, SMTP, ...). Opening it may reveal information about the target system. | |
| TC Impact: | Gather Info | |
| Service: | uucp |
| Vulnerability Publication: | Unknown | |
| Advisory Copyright: | Unknown | |
| Summary: | An unnecessary UNIX file transfer service is accessible. It should be disabled. | |
| Risk: | Low | |
| CVSS 2.0 metrics: | Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: None | |
| CVSS 2.0 Base Score: | 0.0 |
| Vulnerability Impact: |
Gather Info |
|---|
| Host Impact: | Information can be gathered to prepare an attack. | |
| Nature of Remediation: | Change the system configuration. See the Modify inetd configuration procedure. |
| Step required to fix the reported vulnerability: | |
***** Solution type: Undefined ***** Disable uucp daemon if not needed. Modify inetd.conf accordingly and reload inetd configuration. |
| References: | ||
| http://www.cert.org/advisories/CA-1992-06.html |
| CVE Link: |
CVE-1999-0641 |
 |
|---|
| Glossary: |
FTP Inetd SMTP TCP UUCP |
|---|