We have recently learned how to fix vulnerabilities in Linux!
RPC statd service (RPC), danger level: high
Detected host ###################################### ####################
Vulnerability No.
Vulnerability classification: RPC
Risk level: High
Affected platforms: AIX, IRIX, DG/UX, HP-UX 9.x, HP-UX 10.x, NEC EWS-UX/V, NEC UP-UX/V, NEC UX/4800, NeXTSTEP, NCR, Linux
Detailed description:
A remote rpc.lockd may provide false information to rpc.statd, so that files can be moved or created. rpc.statd and rpc.lockd work together, maintaining state information, to provide crash and recovery functions for file locks across NFS. Because statd does not verify the information it receives from the remote lockd, an attacker can send RPC requests to create or delete arbitrary files on the system.
It is recommended that you take the following measures to mitigate the threat: contact your vendor or visit its website to obtain a patch, or refer to the vendor's instructions. Select your operating system from the following:
1. Hewlett-Packard: before installing the patch, read Security Advisory HPSBUX9607-032, "Security Vulnerability in rpc.pcnfsd & rpc.statd". Enter the patch IDs as the search string and click the Search Technical Knowledge Base link to view this article. The HP Patch Database does not require a paid password. URL: http://us-support.external.hp.com/wpsl/bin/doc.pl/
After logging on to the Individual Patches (Patch Database) library, search for your vulnerable version of the HP-UX platform.
2. IBM Patch Web site: http://aix.boulder.ibm.com/aix.us/aixfixes.
Enter the APAR number to obtain relevant information and patches.
3. Sony: NEWS-OS Patch Ids: 0124,606 3, 6176, and 6207.
4. NEWS-OS patch URL: ftp://ftp1.sony.co.jp/pub/patch/news-os/un-official.
5. DEC (Digital Equipment Corporation): Ultrix eco id #: SSRT03901; OSF/1 eco id #: SSRT038301. URL: http://www.service.digital.com/html/patch_service.html
6. SunOS patch URL: http://sunsolve.sun.com/sunsolve/pubpatches/patches.html.
7. Silicon Graphics: earlier versions should be upgraded to IRIX 5.3; later versions should use the fix described in the SGI Security Advisory. Before installing the patch, read SGI Security Advisory-P: "Buffer Overrun Vulnerability in statd(1M) Program". URL: ftp://sgigate.sgi.com/security/19971201-01-P1391.SGI
Patch URL: http://www.sgi.com/Support/security/security.html.
Earlier versions must be upgraded, or must use the temporary workaround given in the security advisory. The patch for the IRIX 5.3 platform is available at: ftp://sgigate.sgi.com/patches/5.3/patch1391.tar
8. Linux platform: contact the system vendor to obtain the latest version.
######################################## #################################
My repair journey!
If your system does not use the NFS service, turn off the rpc.statd service. Let's look at what the RPC services do and how to disable them!
CentOS provides NFS file sharing through a combination of kernel-level support and daemon processes. NFS uses Remote Procedure Calls (RPC) to route requests between clients and servers. On Linux, the RPC services are controlled by the portmap service. For NFS to work properly, several related services also have to work together:
nfs: starts the RPC service processes that serve requests for NFS file systems.
nfslock: an optional service that starts the RPC processes that allow NFS clients to lock files on the server.
portmap: the Linux RPC service that responds to RPC service requests and sets up the connection to the requested RPC service.
The following RPC daemons provide services for NFS:
rpc.mountd: receives mount requests from NFS clients and verifies that the requested file system is currently exported. This process is started automatically by the nfs service and does not require user configuration.
rpc.nfsd: this process is the NFS server. It works with the Linux kernel to meet the dynamic demands of NFS clients, for example by providing server threads for the requests of each NFS client. This process corresponds to the nfs service.
rpc.lockd: an optional process that allows NFS clients to lock files on the server. This process corresponds to the nfslock service.
rpc.statd: this process implements the Network Status Monitor (NSM) RPC protocol, which notifies NFS clients when an NFS server is restarted abnormally. This process is started automatically by the nfslock service and does not require user configuration.
rpc.rquotad: this process provides user quota information to remote users. This process is started automatically by the nfs service and does not require user configuration.
Therefore, to disable the rpc.statd service on CentOS, you only need to execute the following commands.
rpcgssd, rpcidmapd and rpcsvcgssd are used for NFS v4. Disable NFS v4 unless you need or use it.
The procedure is as follows:
1. Stop the services
service nfslock stop
service portmap stop
/etc/init.d/rpcgssd stop
/etc/init.d/rpcidmapd stop
/etc/init.d/rpcsvcgssd stop
2. Disable start at boot
chkconfig nfslock off
chkconfig portmap off
chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig rpcsvcgssd off
3. View the status
/etc/init.d/nfslock status
/etc/init.d/portmap status
/etc/init.d/rpcgssd status
/etc/init.d/rpcidmapd status
/etc/init.d/rpcsvcgssd status
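Added example, not part of the original post: a check to run after the three steps above, which confirms that rpc.statd and rpc.lockd are no longer registered with the portmapper and that none of the listed services will come back at boot. The function names and the sample data are constructed for illustration; the sample shows a host before the fix.

```shell
#!/bin/sh
# Added example: confirm the lock/status services are gone after the steps above.
# RPC program numbers: 100024 = status (rpc.statd), 100021 = nlockmgr (rpc.lockd).

# stdin: `rpcinfo -p` output. Prints "name proto/port" for every statd/lockd
# registration still held by the portmapper (versions are de-duplicated).
nfs_lock_registrations() {
    awk '$1 == 100024 || $1 == 100021 {
             key = $5 " " $3 "/" $4
             if (!(key in seen)) { seen[key] = 1; print key }
         }'
}

# stdin: `chkconfig --list` output. Prints each service from the procedure
# that is still switched on in at least one runlevel.
enabled_at_boot() {
    awk '$1 ~ /^(nfslock|portmap|rpcgssd|rpcidmapd|rpcsvcgssd)$/ {
             for (i = 2; i <= NF; i++)
                 if ($i ~ /:on$/) { print $1; break }
         }'
}

# Constructed sample data (not from a real host): state before the fix.
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    662  status
    100024    1   tcp    662  status
    100021    1   udp  32769  nlockmgr
    100021    3   udp  32769  nlockmgr'

SAMPLE_CHKCONFIG='nfslock     0:off 1:off 2:off 3:on  4:on  5:on  6:off
portmap     0:off 1:off 2:off 3:off 4:off 5:off 6:off
rpcgssd     0:off 1:off 2:off 3:off 4:off 5:off 6:off
rpcidmapd   0:off 1:off 2:off 3:on  4:off 5:off 6:off
sshd        0:off 1:off 2:on  3:on  4:on  5:on  6:off'

# Live check on the local host, only when asked for: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    echo "Still registered with portmap:"
    rpcinfo -p 2>/dev/null | nfs_lock_registrations
    echo "Still enabled at boot:"
    chkconfig --list 2>/dev/null | enabled_at_boot
fi
```

Both lists should be empty on a host where the procedure has been applied; with portmap stopped, rpcinfo itself fails to connect, which also yields an empty first list.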
This article is from the "Kang Jianhua" blog