COMMAND

    rpc.statd

SYSTEMS AFFECTED

    SunOS 5.6, 5.5.1, 5.5, 5.4, and 5.3 (Sparc & x86)

PROBLEM

    Following  is  based  on   Sun  Microsystems  Security   Bulletin.
    rpc.statd is the  NFS file-locking status  monitor.  It  interacts
    with rpc.lockd  to provide  the crash  and recovery  functions for
    file locking across  NFS. rpc.statd allows  indirect RPC calls  to
    other RPC services.  Because  rpc.statd runs as root, this  allows
    remote attackers to bypass access controls of other RPC services.

SOLUTION

    The  following  patches  are  available  in  relation to the above
    problem:

        OS Version       Patch ID
        __________       _________
        SunOS 5.6        106592-02
        SunOS 5.6_x86    106593-02
        SunOS 5.5.1      104166-04
        SunOS 5.5.1_x86  104167-04
        SunOS 5.5        103468-04
        SunOS 5.5_x86    103469-05
        SunOS 5.4        102769-07
        SunOS 5.4_x86    102770-07
        SunOS 5.3        102932-05