Re: GFI NSS - RPC.ypasswdd service in Windows Server 2003

From: Donnie (queyosepa_at_quetejodas.net)
Date: 10/23/05


Date: Sat, 22 Oct 2005 23:32:54 GMT


"Doug Fox" <dfox138-no-spam@hotmail.com> wrote in message
news:9sCdnTjrrJH1TM7eRVn-iQ@rogers.com...
> I scanned a Windows Server 2003 by a NSS 5.0 with the latest update. It
> reported that it has found two vulnerabilities, RPC.ypasswdd service
> vulnerability and Samba buffer overflow.
>
> According to CERT and Security Focus, they are more *IX based
> vulnerabilities.
>
> What causes NSS to identify these two vulnerabilities? How can I resolve this
> issue?
>
> Could someone please shed some light? Any pointers/comments are
> appreciated.
>
> Thanks,
>
#################################
RPC ypasswd is certainly Unix related and pretty much outdated AFAIK. If
you have a Unix box, run
rpcinfo IP_of_your_server. I'm sure that ypasswdd is not running although
RPC is. There are a few things in Windows dependent on RPC. Was that on
port 111? That was the port used in Unix. Are you running Samba? I
would try another scan using nmap or ostrosoft. Also, is the server behind
a router and does it have an internal IP address?
donnie
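
An added example, not part of the reply above: a shell check that reads `rpcinfo -p` output and reports whether the NIS password daemon (RPC program 100009, named yppasswdd in the standard /etc/rpc table) is actually registered with the portmapper, which is the evidence needed to confirm or dismiss the scanner finding. The function name `check_yppasswdd` and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example. Typical use from a Unix box:
#   rpcinfo -p IP_of_your_server | check_yppasswdd

YPPASSWDD_PROG=100009   # yppasswdd's RPC program number in /etc/rpc

# Reads `rpcinfo -p` output on stdin.
# Returns 0 and prints each registration if yppasswdd is listed,
# 1 if a listing was received but yppasswdd is absent,
# 2 if there were no portmapper rows at all (nothing answered on port 111).
check_yppasswdd() {
    awk -v prog="$YPPASSWDD_PROG" '
        # Data rows: program vers proto port [service]; header row is skipped
        $1 ~ /^[0-9]+$/ && NF >= 4 {
            rows++
            if ($1 == prog || $5 == "yppasswdd") {
                found++
                printf "REGISTERED program=%s vers=%s proto=%s port=%s\n", $1, $2, $3, $4
            }
        }
        END {
            if (rows == 0)  { print "NO_RPC_LISTING"; exit 2 }
            if (found == 0) { print "NOT_REGISTERED"; exit 1 }
            exit 0
        }'
}

# Constructed sample: a Unix NIS server that really runs yppasswdd.
SAMPLE_NIS='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp    834  ypserv
    100009    1   udp    847  yppasswdd'

# Constructed sample: a host with a portmapper but no NIS services.
SAMPLE_CLEAN='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper'

printf '%s\n' "$SAMPLE_NIS"   | check_yppasswdd || true
printf '%s\n' "$SAMPLE_CLEAN" | check_yppasswdd || true
```

A result of `NOT_REGISTERED` or `NO_RPC_LISTING` for the scanned server supports treating the yppasswdd finding as a false positive, pending a second scan with another tool.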