Security Basics mailing list archives
Re: Any exploit of rpc.statd on Redhat 9 default setting?
From: Chris Ess <azarin () tokimi net>
Date: Wed, 20 Aug 2003 12:12:22 -0400 (EDT)
> Any exploit of rpc.statd on Redhat 9 default setting?
>
> I am practicing on making Redhat secure. After installing Redhat 9 w/ default setting, I checked w/ Nessus, and then I found rpc.statd vulnerability. Why does Redhat 9 still have nfs-utils bug for such a long time? From what version of nfs-utils rpm is safe from this bug?

Having not run nessus recently, is it actually checking to make sure that the rpc.statd is vulnerable or is it just checking to see if it's there? My experience with nessus has been that it does a rather cursory check to see if something is vulnerable, usually by as little as seeing if a port is open or if a service has a specific banner.

To the best of my knowledge, there is not an outstanding rpc.statd bug. Although, if there is, I would certainly love to hear about it.

If you're running RH9, I suggest going to update.redhat.com and getting any updated RPMs that are available. RHSA-2003:206-01 includes errata packages for nfs-utils to correct a vector for a denial of service attack. More information can be found here: https://rhn.redhat.com/errata/RHSA-2003-206.html

I hope this helps.

Sincerely,

Chris Ess
System Administrator / CDTT (Certified Duct Tape Technician)