Environment
Novell ZENworks Configuration Management 11.2
Situation
A potential vulnerability has been found with the ZENworks Appliance server.
Resolution
Disable the rexecd service if not required for business functionality, or apply access control to block unauthorized connections from connecting to the service. ZENworks Appliance does not need this service for its functionality. Disable the feature by issuing the command 'chkconfig rexec off'
Cause
The rexecd service is running. The rexecd service does not provide strong authentications measures, and can be used by an attacker to scan third party hosts.
Additional Information
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0618