Details
The talk software makes it possible for users to send and receive messages across systems through a terminal session. The talk client (allows initiate of talk sessions) is installed by default. The software presents a security risk as it uses unencrypted protocols for communication.
Solution
Remove or comment out any talk or ntalk lines in /etc/inetd.conf- #talk dgram udp wait nobody.tty /usr/sbin/in.talkd in.talkd#ntalk dgram udp wait nobody.tty /usr/sbin/in.ntalkd in.ntalkd
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.