rpc.statd access
Summary
rpc.statd: The NFS support program, rpc.statd can be exploited through
a buffer overflow attack.
Impact
A remote intruder can execute commands as root if the buffer overflow
attack is successful.
The problem
The rpc.statd program is a support program to NFS which supports file
locking when requested. Older versions of statd are vulnerable to a buffer
overflow attack where a well crafted pattern could execute arbitrary
commands as the root user
Fix
- Where possible (i.e., not using NFS), disable rpc.statd in either
the inetd.conf or in one of the rc.d "S" files.
- Otherwise, patch the system to a version that is not vulnerable to
the buffer overflow attack.
Other tips
CVE Reference(s):