- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- nmap breaks lockd
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2013 08:27 AM - last edited on 02-06-2013 05:12 PM by Cathy_xu
02-06-2013 08:27 AM - last edited on 02-06-2013 05:12 PM by Cathy_xu
nmap breaks lockd
Hi all-
It seems a simple nmap scan can break lockd on HP-UX 11.31 with Sept2012 quality patches.
Running ServiceGuard 11.19 on Itanium with NFS toolkit.
This is easily reproducable on numerous servers and has recently caused a major disruption with our customers.
A search for critical fixes came up empty. Patch assesment came up empty also.
FEATURE11i B.11.31.1209.383a Feature Enablement Patches for HP-UX 11i v3, September 2012
HWEnable11i B.11.31.1209.383a Hardware Enablement Patches for HP-UX 11i v3, September 2012
QPKAPPS B.11.31.1209.383 Applications Patches for HP-UX 11i v3, September 2012
QPKBASE B.11.31.1209.383 Base Quality Pack Bundle for HP-UX 11i v3, September 2012
T1905CA A.11.19.00 Serviceguard
B5140BA A.11.31.06 Serviceguard NFS Toolkit
# nmap foobie
Starting Nmap 5.21 ( http://nmap.org ) at 2013-02-06 07:48 PST
Nmap scan report for xxx.xxx.xxx.xxx
Host is up (0.000086s latency).
Not shown: 984 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
113/tcp open auth
135/tcp open msrpc
515/tcp open printer
587/tcp open submission
901/tcp open samba-swat
2049/tcp open nfs
2121/tcp open ccproxy-ftp
2301/tcp open compaqdiag
4045/tcp open lockd
5555/tcp open freeciv
5666/tcp open nrpe
5989/tcp open unknown
49152/tcp open unknown
Here is the output from syslog.log at the moment of nmap scan:
# tail -f /var/log/syslog/syslog.log
Feb 6 07:40:44 foobie nfs4cbd[1106]: t_accept(file descriptor 6/transport tcp) TLI error 6
Feb 6 07:40:44 foobie vmunix: WARNING: hpsol_strioctl(): TI_GETPEERNAME failed, T_ADDR_REQ fail error = ENOTCONN.
Feb 6 07:40:44 foobie vmunix:
Feb 6 07:40:44 foobie /usr/sbin/nfsd[2612]: unable to register with kernel rpc: Socket is not connected
Feb 6 07:40:44 foobie /usr/sbin/rpc.lockd[1087]: t_accept(file descriptor 7/transport tcp) TLI error 0
As you can see, lockd over tcp effectivly shuts down:
# rpcinfo -T tcp foobie nlockmgr
rpcinfo: RPC: Program not registered
UDP seems unaffected:
# rpcinfo -T udp foobie nlockmgr
program 100021 version 1 ready and waiting
program 100021 version 2 ready and waiting
program 100021 version 3 ready and waiting
program 100021 version 4 ready and waiting
Is HP aware of this vulnerability?
Thanks for your advice.
P.S.This thread has been moved from HP-UX >General to HP-UX > networking- HP Forums Moderator
- Tags:
- nmap
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-08-2013 05:49 AM
02-08-2013 05:49 AM
Re: nmap breaks lockd
this should be asked to support or security-alerthp.com
Else you'll find it in
http://bizsupport2.austin.hp.com/bc/docs/support/SupportManual/c03469761/c03469761.pdf
Update to the last ONCplus ( B.11.31.15) should work well for you.