- 论坛徽章:
- 0
|
\r\n各位dx:\r\n系统漏洞扫描时出现下面的提示,请问改如何解决?谢谢~~~~\r\n\r\n\r\nrpcstatd: RPC statd remote file creation and removal\r\n\r\nRemote Procedure Call (RPC) statd maintains state information in cooperation with RPC lockd to provide crash and recovery\r\nfunctionality for file locking across the Network File System (NFS). Statd does not validate information received from a remote lockd. By\r\nsending to the statd service an RCP or RDIST request including references to the parent directory (\"..\\\"), an attacker can provide false\r\ninformation to the rpc.statd file, allowing the creation of a file in an arbitrary directory on the host. This can be used to overwrite\r\npre-existing files or create new files on the host. |
|