Re: GFI NSS - RPC.ypasswdd service in Windows Server 2003

From: Donnie (queyosepa_at_quetejodas.net)
Date: 10/23/05

• Next message: Imhotep: "Re: Security fears over MS October patches..."
• Previous message: Donnie: "Re: AIM buffer overflow code"
• In reply to: Doug Fox: "GFI NSS - RPC.ypasswdd service in Windows Server 2003"
• Next in thread: Donnie: "Re: GFI NSS - RPC.ypasswdd service in Windows Server 2003"
• Reply: Donnie: "Re: GFI NSS - RPC.ypasswdd service in Windows Server 2003"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sat, 22 Oct 2005 23:32:54 GMT

"Doug Fox" <dfox138-no-spam@hotmail.com> wrote in message
news:9sCdnTjrrJH1TM7eRVn-iQ@rogers.com...
> I scanned a Windows Server 2003 by a NSS 5.0 with the latest update. It
> reported that it has found two vulnerabilities, RPC.ypasswdd service
> vulnerability and Samba buffer overflow.
>
> According to CERT and Security Focus, they are more *IX based
> vulnerabilities.
>
> What cause NSS identify these two vulnerabilites? How can I resolve this
> issue?
>
> Could someone please shed some light? Any pointers/comments are
appreciated.
>
> Thanks,
>
#################################
RPC ypasswd is certainly unix related and pretty much outdated AFAIK. If
you have a Unix box run
rpcinfo IP_of_your_server. I'm sure that ypasswdd is not running although
RPC is. There are a few things in windows dependent on RPC. Was that on
port 111? That's was the port used in Unix. Are you running Samba? I
would try another scan using nmap or ostrosoft.. Also, is the server behind
a router and does it have an internal IP address?
donnie

---

• Next message: Imhotep: "Re: Security fears over MS October patches..."
• Previous message: Donnie: "Re: AIM buffer overflow code"
• In reply to: Doug Fox: "GFI NSS - RPC.ypasswdd service in Windows Server 2003"
• Next in thread: Donnie: "Re: GFI NSS - RPC.ypasswdd service in Windows Server 2003"
• Reply: Donnie: "Re: GFI NSS - RPC.ypasswdd service in Windows Server 2003"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: RPC.ypasswdd service in Windows Server 2003? ... > reported that it has found two vulnerabilities, ... > vulnerability and Samba buffer overflow. ... did you really have UNIX services on it? ... "Ich bin ein freier Mensch und werde jetzt von meinen Freiheitsrechten ... (comp.security.misc) Re: GFI NSS - RPC.ypasswdd service in Windows Server 2003 ... >> reported that it has found two vulnerabilities, ... >> vulnerability and Samba buffer overflow. ... > RPC ypasswd is certainly unix related and pretty much outdated AFAIK. ... (alt.computer.security) RPC.ypasswdd service in Windows Server 2003? ... I scanned a Windows Server 2003 by a NSS 5.0 with the latest update. ... reported that it has found two vulnerabilities, ... vulnerability and Samba buffer overflow. ... (comp.security.misc) GFI NSS - RPC.ypasswdd service in Windows Server 2003 ... I scanned a Windows Server 2003 by a NSS 5.0 with the latest update. ... reported that it has found two vulnerabilities, ... vulnerability and Samba buffer overflow. ... (alt.computer.security) [NEWS] Buffer Overrun In RPCSS Service Could Allow Code Execution ... Remote Procedure Call (RPC) is a protocol used by the Windows operating ... There are three newly identified vulnerabilities in the part of RPCSS ... Service that deals with RPC messages for DCOM activation- ... (Securiteam)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > alt.computer.security  > 2005-10