Operating System - HP-UX
1825570 Members
3409 Online
109682 Solutions
New Discussion

Re: rpc.statd security vulnerabilities goes with HP-UX 11.x?

 
SOLVED
Go to solution
Michael Ehrman
New Member

rpc.statd security vulnerabilities goes with HP-UX 11.x?

When recently scanning (with a commercial security scanning tool) a couple database servers running HP-UX 11.11, the following rpc.statd security vulnerabilities showed up...

Name: format string attack against statd
Description: The remote statd service could be brought down with a format string attack - it now needs to be restarted manually. This means that an attacker may execute arbitrary code thanks to a bug in this daemon.

Name: statd service
Description: The statd RPC service is running. This service has a long history of security holes, so you should really know what you are doing if you decide to let it run.


Everything I've read at itrc.hp.com shows these vulnerabilites were fixed as part of base HP-UX 11. But I want to make sure this is true before reporting this. Any verification or suggestions how to verify this would be greatly appreciated.
1 REPLY 1
Steven E. Protter
Exalted Contributor
Solution

Re: rpc.statd security vulnerabilities goes with HP-UX 11.x?

Shalom,

This is a pretty old question.

It requires a login but search the security warning database here for the answer.

https://www1.itrc.hp.com/service/cki/enterService.do?category=c1

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com