CVE-1999-0515 in Unixinfo

Summary

by MITRE

An unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 04/17/2026

The vulnerability described in CVE-1999-0515 represents a critical security flaw in Unix-based systems that stems from improper trust relationship configuration in the hosts.equiv file. This issue allows unauthorized remote access by leveraging the + sign character which, when present in /etc/hosts.equiv, grants unrestricted trust to any host that can establish a connection to the system. The configuration essentially creates a backdoor mechanism where any remote system can authenticate without proper credentials, bypassing standard authentication protocols entirely. This flaw directly violates fundamental security principles of access control and authentication, creating a pathway for malicious actors to gain system access without proper authorization.

The technical implementation of this vulnerability resides in the Unix authentication mechanism's handling of the hosts.equiv file. When the + sign is present in this file, the system interprets it as a wildcard that trusts all hosts attempting to connect through the rlogin or rsh protocols. The flaw operates at the network level where the system accepts connections from any remote host that can establish a TCP connection to the system's rlogin/rsh ports. This design oversight creates a trust relationship that extends beyond the intended scope, effectively allowing any remote system to authenticate as any user on the target system. The vulnerability is classified under CWE-284 Access Control Issues, specifically related to insufficient access control mechanisms.

The operational impact of this vulnerability is severe and far-reaching across Unix environments. Attackers can exploit this flaw to gain unauthorized access to systems running rlogin or rsh services without requiring knowledge of user passwords or authentication credentials. This allows for complete system compromise including privilege escalation, data exfiltration, and potential lateral movement within network infrastructure. The vulnerability affects systems where remote login services are enabled and the hosts.equiv file contains the + sign, making it particularly dangerous in enterprise environments where such services might be improperly configured. The attack surface is broad as any system with rlogin/rsh services and vulnerable configuration can be exploited, potentially leading to widespread compromise across network segments.

Mitigation strategies for this vulnerability focus on immediate configuration changes and access control enforcement. The primary remediation involves removing or commenting out the + sign from /etc/hosts.equiv files and replacing it with specific host entries that explicitly define trusted systems. System administrators should implement proper access control lists that restrict trust relationships to only known and authorized hosts. The recommended approach aligns with the principle of least privilege and follows the ATT&CK framework's defense in depth strategies for network access control. Organizations should also disable rlogin and rsh services where possible and implement alternative secure authentication methods such as SSH. Regular security audits should verify that hosts.equiv files do not contain wildcard trust entries and that proper access controls are enforced throughout the Unix system architecture. Additionally, network segmentation and firewall rules should be implemented to restrict access to rlogin/rsh ports, further reducing the attack surface and preventing exploitation of this vulnerability.

Disclosure

01/01/1999

Moderation

accepted

Entry

VDB-14332

CPE

ready

EPSS

0.01855

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!