TELNET_Attempted SU from wrong group

 

Code: p605

Severity: Warning

 

Description: This event is generated when a telnet server sends an error message regarding a failed user attempt to issue the 'su' command to get root privileges.

Impact: Failed root access. This attack occurs when a user attempts to get root privileges using the su command.

Corrective: Use ssh instead of telnet to prevent su passwords from being sniffed. Tightly restrict su access to authorized users. Block inbound telnet access if it is not required.