影响:
入侵者可以藉此漏洞修改网页、获得该主机管理权。
事件描述:
在遭受攻击的UNIX系统上,入侵者常利用下列
rpc.ttdbserverrpc.cmsdrpc.statd/automountd sadmind |
解决方法:
1.将不必要的RPCservice自/etc/inetd.conf中移除,移除方法为
(1)编辑/etc/inetd.conf,将不必要的service前面加上"#"或直接删除后存盘;
(2)kill-HUPinetd.pid。
2.安装修补程序
rpc.statd: OSVersionPatchID ___________________ SunOS5.6106592-02 SunOS5.6_x86106593-02 SunOS5.5.1104166-04 SunOS5.5.1_x86104167-04 SunOS5.5103468-04 SunOS5.5_x86103469-05 SunOS5.4102769-07 SunOS5.4_x86102770-07 SunOS5.3102932-05 automountd: OSVersionPatchID ___________________ SunOS5.5.1104654-05 SunOS5.5.1_x86104655-05 SunOS5.5103187-43 SunOS5.5_x86103188-43 SunOS5.4101945-61 SunOS5.4_x86101946-54 SunOS5.3101318-92 |
ftp://sunsolve.sun.com/pub/patches
RedHat:
请参考下列URL:
http://www.redhat.com/support/errata/RHSA-2000-043-03.HTML
Debian:
请参考下列URL:
http://www.debian.org/security/2000/20000719a
(2)rpc.cmsd
Solaris:
请依照您的版本安装下列修补程序
SunOSversionPatchID ______________________ 5.7107893-04 5.7_x86107894-04 5.6105802-11 5.6_x86105803-13 5.5.1104489-10 5.5.1_x86105496-08 5.5104428-08 5.5_x86105495-06 5.4102734-05 |
ftp://sunsolve.sun.com/pub/patches
(3)rpc.ttdbserverd
Solaris:
请依照您的版本安装下列修补程序
SunOSversionPatchID ______________________ 5.7107893-04 5.7_x86107894-04 5.6105802-11 5.6_x86105803-13 5.5.1104489-10 5.5.1_x86105496-08 5.5104428-08 5.5_x86105495-06 5.4102734-05 |
ftp://sunsolve.sun.com/pub/patches
(4)sadmind
Solaris:
请依照您的版本安装下列修补程序
OSVersionPatchID ___________________ SunOS5.7108662-01 SunOS5.7_x86108663-01 SunOS5.6108660-01 SunOS5.6_x86108661-01 SunOS5.5.1108658-01 SunOS5.5.1_x86108659-01 |
