dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Caldera Systems Security Advisory: rpc.statd is not a problem on OpenLinux

Jul 20, 2000, 19:33 (0 Talkback[s])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
                   Caldera Systems, Inc.  Security Advisory

Subject:                rpc.statd is not a problem on OpenLinux
Advisory number:        CSSA-2000-025.0
Issue date:             2000 July, 19
Cross reference:
______________________________________________________________________________


1. Description

   Recently, a vulnerability was discovered in the rpc.statd
   server, which can be used to obtain root privilege remotely.

   rpc.statd should not be confused with rpc.rstatd. The former
   implements the Network Status Monitor protocol, which is used
   by the NFS locking functionality. The latter allows remote clients
   to query a host's statistics (such as load average etc).

   Caldera OpenLinux, eServer and eDesktop do not ship with rpc.statd,
   and hence are not affected by this problem.

2. Vulnerable Versions

   None.

3. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/support/security/index.html

4. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE5dXjJ18sy83A/qfwRAlPVAKCyK1+35MJMhWNhvZTsqSsUrm09eACePge7
Sfg8EPvHQMUX/GNJSTNXBsQ=
=MQwh
-----END PGP SIGNATURE-----