影響:
入侵者可以藉此漏洞修改網頁、獲得該主機管理權。
事件描述:
在遭受攻擊的UNIX系統上,入侵者常利用下列
rpc.ttdbserverrpc.cmsdrpc.statd/automountd sadmind |
解決方法:
1.將不必要的RPCservice自/etc/inetd.conf中移除,移除方法為
(1)編輯/etc/inetd.conf,將不必要的service前面加上"#"或直接刪除后存盤;
(2)kill-HUPinetd.pid。
2.安裝修補程序
rpc.statd: OSVersionPatchID ___________________ SunOS5.6106592-02 SunOS5.6_x86106593-02 SunOS5.5.1104166-04 SunOS5.5.1_x86104167-04 SunOS5.5103468-04 SunOS5.5_x86103469-05 SunOS5.4102769-07 SunOS5.4_x86102770-07 SunOS5.3102932-05 automountd: OSVersionPatchID ___________________ SunOS5.5.1104654-05 SunOS5.5.1_x86104655-05 SunOS5.5103187-43 SunOS5.5_x86103188-43 SunOS5.4101945-61 SunOS5.4_x86101946-54 SunOS5.3101318-92 |
ftp://sunsolve.sun.com/pub/patches
RedHat:
請參考下列URL:
http://www.redhat.com/support/errata/RHSA-2000-043-03.HTML
Debian:
請參考下列URL:
http://www.debian.org/security/2000/20000719a
(2)rpc.cmsd
Solaris:
請依照您的版本安裝下列修補程序
SunOSversionPatchID ______________________ 5.7107893-04 5.7_x86107894-04 5.6105802-11 5.6_x86105803-13 5.5.1104489-10 5.5.1_x86105496-08 5.5104428-08 5.5_x86105495-06 5.4102734-05 |
ftp://sunsolve.sun.com/pub/patches
(3)rpc.ttdbserverd
Solaris:
請依照您的版本安裝下列修補程序
SunOSversionPatchID ______________________ 5.7107893-04 5.7_x86107894-04 5.6105802-11 5.6_x86105803-13 5.5.1104489-10 5.5.1_x86105496-08 5.5104428-08 5.5_x86105495-06 5.4102734-05 |
ftp://sunsolve.sun.com/pub/patches
(4)sadmind
Solaris:
請依照您的版本安裝下列修補程序
OSVersionPatchID ___________________ SunOS5.7108662-01 SunOS5.7_x86108663-01 SunOS5.6108660-01 SunOS5.6_x86108661-01 SunOS5.5.1108658-01 SunOS5.5.1_x86108659-01 |
