GFI NSS - RPC.ypasswdd service in Windows Server 2003

#1 (**permalink**) 10-17-2005, 04:29 PM

I scanned a Windows Server 2003 by a NSS 5.0 with the latest update. It
reported that it has found two vulnerabilities, RPC.ypasswdd service
vulnerability and Samba buffer overflow.

According to CERT and Security Focus, they are more *IX based
vulnerabilities.

What cause NSS identify these two vulnerabilites? How can I resolve this
issue?

Could someone please shed some light? Any pointers/comments are appreciated.

Thanks,

#2 (**permalink**) 10-22-2005, 11:32 PM

"Doug Fox" <dfox138-no-spam@hotmail.com> wrote in message
news:9sCdnTjrrJH1TM7eRVn-iQ@rogers.com...
> I scanned a Windows Server 2003 by a NSS 5.0 with the latest update. It
> reported that it has found two vulnerabilities, RPC.ypasswdd service
> vulnerability and Samba buffer overflow.
>
> According to CERT and Security Focus, they are more *IX based
> vulnerabilities.
>
> What cause NSS identify these two vulnerabilites? How can I resolve this
> issue?
>
> Could someone please shed some light? Any pointers/comments are
appreciated.
>
> Thanks,
>
#################################
RPC ypasswd is certainly unix related and pretty much outdated AFAIK. If
you have a Unix box run
rpcinfo IP_of_your_server. I'm sure that ypasswdd is not running although
RPC is. There are a few things in windows dependent on RPC. Was that on
port 111? That's was the port used in Unix. Are you running Samba? I
would try another scan using nmap or ostrosoft.. Also, is the server behind
a router and does it have an internal IP address?
donnie

#3 (**permalink**) 10-23-2005, 01:57 AM

"Donnie" <queyosepa@quetejodas.net> wrote in message
news:G_z6f.168662$qY1.15832@bgtnsc04-news.ops.worldnet.att.net...
>
> "Doug Fox" <dfox138-no-spam@hotmail.com> wrote in message
> news:9sCdnTjrrJH1TM7eRVn-iQ@rogers.com...
> > I scanned a Windows Server 2003 by a NSS 5.0 with the latest update. It
> > reported that it has found two vulnerabilities, RPC.ypasswdd service
> > vulnerability and Samba buffer overflow.
> >
> > According to CERT and Security Focus, they are more *IX based
> > vulnerabilities.
> >
> > What cause NSS identify these two vulnerabilites? How can I resolve this
> > issue?
> >
> > Could someone please shed some light? Any pointers/comments are
> appreciated.
> >
> > Thanks,
> >
> #################################
> RPC ypasswd is certainly unix related and pretty much outdated AFAIK. If
> you have a Unix box run
> rpcinfo IP_of_your_server. I'm sure that ypasswdd is not running
although
> RPC is. There are a few things in windows dependent on RPC. Was that on
> port 111? That's was the port used in Unix. Are you running Samba? I
> would try another scan using nmap or ostrosoft.. Also, is the server
behind
> a router and does it have an internal IP address?
> donnie
>
##########################
Make that rcpinfo -p IP_of_your_server
donnie.