Caldera Systems Security Advisory: rpc.statd is not a problem on OpenLinux
Jul 20, 2000, 19:33 (0 Talkback[s])
-----BEGIN PGP SIGNED MESSAGE-----
Caldera Systems, Inc. Security Advisory
Subject: rpc.statd is not a problem on OpenLinux
Advisory number: CSSA-2000-025.0
Issue date: 2000 July, 19
Recently, a vulnerability was discovered in the rpc.statd
server, which can be used to obtain root privilege remotely.
rpc.statd should not be confused with rpc.rstatd. The former
implements the Network Status Monitor protocol, which is used
by the NFS locking functionality. The latter allows remote clients
to query a host's statistics (such as load average etc).
Caldera OpenLinux, eServer and eDesktop do not ship with rpc.statd,
and hence are not affected by this problem.
2. Vulnerable Versions
This and other Caldera security resources are located at:
Caldera Systems, Inc. is not responsible for the misuse of any of the
information we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended to
promote secure installation and use of Caldera OpenLinux.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----