Re: rpc.statd security vulnerabilities goes with HP-UX 11.x?

Michael Ehrman · ‎02-10-2007

When recently scanning (with a commercial security scanning tool) a couple database servers running HP-UX 11.11, the following rpc.statd security vulnerabilities showed up...

Name: format string attack against statd
Description: The remote statd service could be brought down with a format string attack - it now needs to be restarted manually. This means that an attacker may execute arbitrary code thanks to a bug in this daemon.

Name: statd service
Description: The statd RPC service is running. This service has a long history of security holes, so you should really know what you are doing if you decide to let it run.

Everything I've read at itrc.hp.com shows these vulnerabilites were fixed as part of base HP-UX 11. But I want to make sure this is true before reporting this. Any verification or suggestions how to verify this would be greatly appreciated.

Steven E. Protter · ‎02-11-2007

Shalom,

This is a pretty old question.

It requires a login but search the security warning database here for the answer.

https://www1.itrc.hp.com/service/cki/enterService.do?category=c1

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: rpc.statd security vulnerabilities goes with HP-UX 11.x?

rpc.statd security vulnerabilities goes with HP-UX 11.x?

Re: rpc.statd security vulnerabilities goes with HP-UX 11.x?