Unixshellfromport.ingreslock.port.Exploit

Description

Indicates an attempt to create a remote shell on the ingreslock port (port 1524). Remote users attacking Linux or Unix systems with an exploit frequently attempt to create a command shell (for example, /bin/sh) listening on port 1524. An entry for the ingreslock service (port 1524) is added to a file, for example /tmp/x, and inetd is then executed with that file as its configuration file. The remote attacker can then connect to this shell and gain complete system access and control.

Affected Products

All Unix and Linux systems.

Impact

Remote shell access with root privileges.

Recommended Actions

Kill any extra versions of inetd. Remove the configuration file and any accounts that were created.
Restrict access to port 1524.
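
A triage check for the actions above, as an added example that is not part of the original advisory: it flags inetd processes started with a non-default configuration file and inetd.conf-style entries that bind ingreslock to a shell. The function names, the assumed legitimate path /etc/inetd.conf, and the sample process and configuration lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: host triage for a shell bound to ingreslock (port 1524).
# Assumption: the legitimate inetd configuration is /etc/inetd.conf.

# Reads "PID ARGS" lines (e.g. from `ps -eo pid,args`) and prints
# "PID CONFIG" for each inetd started with another absolute config path.
find_rogue_inetd() {
    awk '($2 == "inetd" || $2 ~ /\/inetd$/) {
        for (i = 3; i <= NF; i++)
            if ($i ~ /^\// && $i != "/etc/inetd.conf") print $1, $i
    }'
}

# Reads an inetd.conf-style file (service socktype proto wait user server
# [args]) and prints entries whose service is ingreslock, by name or by
# numeric port, and whose server program is a shell.
find_shell_entries() {
    awk '$1 ~ /^#/ || NF < 6 { next }
    ($1 == "ingreslock" || $1 == "1524") &&
    $6 ~ /\/(sh|bash|dash|ksh|csh|tcsh|zsh)$/ {
        print NR ": " $1 " -> " $6
    }'
}

# Constructed sample process listing (not captured from a real host).
sample_ps() {
cat <<'EOF'
  412 /usr/sbin/inetd
 2231 /usr/sbin/inetd /tmp/x
 2290 /usr/sbin/sshd -D
EOF
}

# Constructed sample of the alternate configuration file.
sample_conf() {
cat <<'EOF'
# constructed example of /tmp/x
ingreslock stream tcp nowait root /bin/sh sh -i
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
EOF
}

echo "inetd started with a non-default config (pid, file):"
sample_ps | find_rogue_inetd
echo "ingreslock entries that run a shell (line: service -> server):"
sample_conf | find_shell_entries
```

On a live host, feed `ps -eo pid,args` to `find_rogue_inetd` and each reported file to `find_shell_entries`; a relative config path is not matched by this check.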

Telemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)