Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
cancel
Showing results for 
Search instead for 
Did you mean: 

nmap breaks lockd

Dan Crossman
Advisor

nmap breaks lockd

Hi all-

It seems a simple nmap scan can break lockd on HP-UX 11.31 with Sept2012 quality patches.
Running ServiceGuard 11.19 on Itanium with NFS toolkit.
This is easily reproducable on numerous servers and has recently caused a major disruption with our customers.
A search for critical fixes came up empty. Patch assesment came up empty also.

 

FEATURE11i B.11.31.1209.383a Feature Enablement Patches for HP-UX 11i v3, September 2012
HWEnable11i B.11.31.1209.383a Hardware Enablement Patches for HP-UX 11i v3, September 2012
QPKAPPS B.11.31.1209.383 Applications Patches for HP-UX 11i v3, September 2012
QPKBASE B.11.31.1209.383 Base Quality Pack Bundle for HP-UX 11i v3, September 2012
T1905CA A.11.19.00 Serviceguard
B5140BA A.11.31.06 Serviceguard NFS Toolkit


# nmap foobie
Starting Nmap 5.21 ( http://nmap.org ) at 2013-02-06 07:48 PST
Nmap scan report for xxx.xxx.xxx.xxx
Host is up (0.000086s latency).
Not shown: 984 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
113/tcp open auth
135/tcp open msrpc
515/tcp open printer
587/tcp open submission
901/tcp open samba-swat
2049/tcp open nfs
2121/tcp open ccproxy-ftp
2301/tcp open compaqdiag
4045/tcp open lockd
5555/tcp open freeciv
5666/tcp open nrpe
5989/tcp open unknown
49152/tcp open unknown

 

 

Here is the output from syslog.log at the moment of nmap scan:

# tail -f /var/log/syslog/syslog.log
Feb 6 07:40:44 foobie nfs4cbd[1106]: t_accept(file descriptor 6/transport tcp) TLI error 6
Feb 6 07:40:44 foobie vmunix: WARNING: hpsol_strioctl(): TI_GETPEERNAME failed, T_ADDR_REQ fail error = ENOTCONN.
Feb 6 07:40:44 foobie vmunix:
Feb 6 07:40:44 foobie /usr/sbin/nfsd[2612]: unable to register with kernel rpc: Socket is not connected
Feb 6 07:40:44 foobie /usr/sbin/rpc.lockd[1087]: t_accept(file descriptor 7/transport tcp) TLI error 0

 


As you can see, lockd over tcp effectivly shuts down:

 

# rpcinfo -T tcp foobie nlockmgr
rpcinfo: RPC: Program not registered

 

UDP seems unaffected:

 

# rpcinfo -T udp foobie nlockmgr
program 100021 version 1 ready and waiting
program 100021 version 2 ready and waiting
program 100021 version 3 ready and waiting
program 100021 version 4 ready and waiting


Is HP aware of this vulnerability?

Thanks for your advice.

 

 

P.S.This thread has been moved from HP-UX >General to HP-UX > networking- HP Forums Moderator

 

1 REPLY
Laurent Menase
Honored Contributor

Re: nmap breaks lockd

this should be asked to support or security-alerthp.com

 

Else you'll find it in

http://bizsupport2.austin.hp.com/bc/docs/support/SupportManual/c03469761/c03469761.pdf

 

Update to the last ONCplus ( B.11.31.15) should work well for you.