Open port 512: Remote Execution (Rexec)
What this means
Remote Execution (Rexec) is an outdated and insecure command execution protocol that allows users to execute shell commands on a remote machine.
It operates over TCP port 512 and is part of the older Berkeley r-commands suite (rsh, rexec, rlogin).
The open port Rexec vulnerability occurs when this port is exposed to the internet or internal networks without proper security controls, allowing unauthorised users to execute commands remotely.
Why this is a problem
An open Rexec port means that the service is accessible from the internet or an internal network without proper security controls.
If Rexec is not secured or misconfigured, it can lead to:
- unauthorised access to system resources
- Remote Code Execution (RCE) via vulnerable RPC endpoints
- lateral movement where an attacker gains access to one system and spreads across the network
- data exfiltration where sensitive information can be accessed and transferred without detection
- privilege escalation where attackers may use Rexec access to elevate their privileges on the system
How to check if the problem is there
Check open Rexec ports
Run the command for your platform to check whether TCP port 512 is listening.
Windows (Command Prompt):
netstat -an | find ":512"
Linux (Terminal):
sudo netstat -tulnp | grep ":512"
Mac (Terminal):
netstat -anp tcp | grep "\.512 "
Nmap:
nmap -p 512 <IP address>
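A plain text match on ":512" also hits ports such as 5120 or 51234, UDP 512 (biff/comsat, not Rexec) and outbound connections to a remote port 512. The filter below is an added example, not part of the original page: it keeps only TCP sockets listening on local port 512 across the Linux, macOS and Windows netstat layouts. The function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): exact-match check for Rexec.
# Reads netstat output on stdin and prints only TCP sockets that are
# listening on local port 512.
find_rexec_listeners() {
    awk '
    toupper($1) ~ /^TCP/ && toupper($0) ~ /LISTEN/ {
        # Linux/macOS rows carry Recv-Q/Send-Q, so the local address is
        # field 4; Windows rows have it in field 2.
        addr = ($2 ~ /^[0-9]+$/) ? $4 : $2
        # Port is the last token after ":" (Linux/Windows) or "." (macOS).
        n = split(addr, part, /[:.]/)
        if (part[n] == "512") print
    }'
}

# Constructed sample rows in Linux, macOS and Windows netstat layouts.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:512        0.0.0.0:*          LISTEN      812/xinetd
tcp        0      0 0.0.0.0:5120       0.0.0.0:*          LISTEN      900/app
tcp        0      0 10.0.0.5:51234     10.0.0.9:512       ESTABLISHED 977/client
udp        0      0 0.0.0.0:512        0.0.0.0:*                      640/comsat
tcp4       0      0  *.512             *.*                LISTEN
  TCP    0.0.0.0:512            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5120           0.0.0.0:0              LISTENING
EOF
}

# Demo on the sample; on a live host pipe real output in instead:
#   netstat -an | find_rexec_listeners
sample_netstat | find_rexec_listeners
```

Any line the filter prints is a real listener on TCP 512 and should be traced back to the service that owns it.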
How to fix this
To mitigate attacks against Rexec, an administrator can take the following steps to block access or reduce the attack surface.
Disable the service if not required
Disable the service if not required by carrying out the following:
- use an alternative solution – SSH is the recommended alternative
- disable or uninstall services if not required
Restrict network access
Configure firewall rules to allow connections only from trusted IP addresses.
Patch and update systems
Ensure the operating system is kept up to date and patched in a timely manner.
Regularly monitor logs
Regularly monitor your event logs and consider:
- using SIEM tools to detect anomalies
- deploying Intrusion Detection Systems (IDS)