Statd Overflow Scanner
Platforms: Linux
Categories: Auditing, Network, RPC
Version:
URL:
This is a simple scanner written in C for quickly finding UNIX machines with a vulnerable rpc.statd. Statd is a program commonly associated with file locking for NFS (Network File System); in particular, it keeps 'state' for locked files in use on the shared filesystems. Statd has had a history of security issues, one of which is a buffer overrun in the portion of statd that takes information from rpc.lockd (the program which handles the actual file locking). Rpc.lockd is supposed to pass information to the status daemon (statd) to notify it which files it should be keeping state on. The problem begins with the fact that statd does not do any authentication on whether this information is actually coming from the lock daemon itself. Because the status daemon also has improper bounds checking, a user can send data to it (as if it were from the lock daemon) and trigger the buffer overflow in question.