
Network Status Monitor RPC (statd) Vulnerabilities

 
SOLVED

The results of a Retina Network Security Scan stated that we have a high risk associated with RPC services. We are using HP-UX 11.23. I need to know if we are running the latest version of rpc.statd and if it is necessary. It is suggested that we remove the service following the vendor's instructions. The warning states that rpc.statd allows remote attackers to forward RPC calls to the local operating system via SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd. Does anyone know if this is a problem we should address, or is there a fix?
Thanks John Ivy

Re: Network Status Monitor RPC (statd) Vulnerabilities

You must contact HP support or consult SSRT bulletins,
or fill in the following form:
http://welcome.hp.com/country/us/en/sftware_security.html
Solution

Re: Network Status Monitor RPC (statd) Vulnerabilities

Hi John,

On 11.23 we release all fixes, security related and otherwise, in the GR patches. I just did a quick search of the ITRC database and here's a current list of all the NFS/ONC patches and their dependencies:

PHCO_36744
PHKL_31500
PHKL_36999
PHKL_36745
PHNE_32057
PHNE_33100
PHNE_34756
PHNE_36979
PHNE_36980
PHNE_36981
PHNE_37488
PHNE_37489
PHNE_37490

If you're really worried about security exploits, many customers will either put their NFS servers behind a hardware firewall or use IP Filter to only allow specific systems to contact the RPC daemons.

Regards,

Dave
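
The IP Filter approach suggested in the reply above, sketched as an added example that is not part of the original thread or HP's own tooling: the function turns `rpcinfo -p` output into IP Filter rules that pass only named clients to each registered RPC port and block everyone else. The sample `rpcinfo -p` listing and the client addresses are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p` output (not taken from the thread).
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  49153  status
    100024    1   tcp  49152  status
    100021    1   udp   4045  nlockmgr
    100021    1   tcp   4045  nlockmgr
    100003    3   udp   2049  nfs'

# rpc_ipf_rules CLIENT...
# Reads `rpcinfo -p` text on stdin and writes IP Filter rules to stdout.
# For every registered proto/port pair it emits one "pass ... quick" rule per
# allowed client, followed by a "block ... quick" rule for all other sources.
# With "quick" the first matching rule wins, so the order matters.
rpc_ipf_rules() {
    awk -v clients="$*" '
        BEGIN { n = split(clients, allow, " ") }
        # Data rows start with a numeric program number; this skips the header.
        $1 ~ /^[0-9]+$/ {
            key = $3 " " $4
            if (seen[key]++) next      # several versions share one port
            for (i = 1; i <= n; i++)
                printf "pass in quick proto %s from %s to any port = %s keep state\n", $3, allow[i], $4
            printf "block in quick proto %s from any to any port = %s\n", $3, $4
        }'
}

# Example run with two hypothetical NFS clients (documentation addresses).
printf '%s\n' "$SAMPLE_RPCINFO" | rpc_ipf_rules 192.0.2.10 192.0.2.11
```

Daemons such as statd can register on a different port after a restart, so the rules need to be regenerated from a fresh `rpcinfo -p` listing whenever the services are restarted.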