Unnecessary RPC services like rstatd were enabled, allowing attackers to exploit buffer overflow, DoS, or remote execution vulnerabilities to gain root privileges and compromise the system. These services were expected to be disabled unless explicitly required.
PoC code [public]
id: rpc-enabled

info:
  name: Unnecessary RPC Service (rstatd) Enabled
  author: songyaeji
  severity: high
  description: |
    Unnecessary RPC services like rstatd were enabled, allowing attackers to exploit buffer overflow, DoS, or remote execution vulnerabilities to gain root privileges and compromise the system. These services were expected to be disabled unless explicitly required.
  reference:
    - https://isms.kisa.or.kr
  tags: linux,local,audit,compliance,kisas

self-contained: true

code:
  - engine:
      - bash
    source: |
      if [ -f /etc/xinetd.d/rstatd ]; then
        if grep -qE 'disable\s*=\s*no' /etc/xinetd.d/rstatd; then
          echo "[VULNERABLE] rstatd RPC service is enabled in xinetd"
        else
          echo "[SAFE] rstatd RPC service is disabled in xinetd"
        fi
      elif systemctl is-active --quiet rstatd 2>/dev/null; then
        echo "[VULNERABLE] rstatd service is active under systemd"
      else
        echo "[SAFE] rstatd service not found"
      fi
    matchers:
      - type: word
        part: response
        words:
          - "[VULNERABLE]"
# digest: 4b0a00483046022100f6750e913cde576eb96f1c12fb0f90474840d40783c1e161429833ad56d220b4022100930976aea7d528355a4292f446f0d04e47a668ee56c75baaadea94fb96d2441d:922c64590222798bb761d5b6d8e72950
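The xinetd branch of the check above matches the text `disable = no` anywhere in the file, so a commented-out line is reported as enabled and a stanza with no `disable` attribute is reported as safe. The following is an added example, not part of the template or written by its author: a stricter parse of the same file. The function name `xinetd_service_state` and the sample stanzas are constructed for illustration, and it assumes that a stanza without a `disable` attribute is enabled (xinetd's default) and that the last `disable` line in the file decides.

```shell
#!/bin/sh
# xinetd_service_state FILE  (hypothetical helper, not part of the template)
# Prints "enabled", "disabled" or "absent" for one xinetd service file.
# Assumption: a stanza with no "disable" attribute is enabled (xinetd default).
# Simplification: if "disable" appears more than once, the last one decides.
xinetd_service_state() {
    file=$1
    [ -f "$file" ] || { echo absent; return 0; }
    # Strip comments first so "# disable = no" is never counted,
    # then read the value of the "disable" attribute, ignoring whitespace.
    value=$(sed -e 's/#.*//' "$file" |
        awk -F= '
            { key = $1; gsub(/[ \t]/, "", key) }
            key == "disable" { v = $2; gsub(/[ \t\r]/, "", v); last = tolower(v) }
            END { print last }')
    case $value in
        yes) echo disabled ;;
        *)   echo enabled ;;   # "no", or attribute missing entirely
    esac
}

# Constructed sample stanzas (not taken from a real host).
demo() {
    dir=$(mktemp -d) || return 1
    printf 'service rstatd\n{\n\ttype = RPC\n\tdisable = no\n}\n' \
        > "$dir/explicit_no"
    printf 'service rstatd\n{\n\ttype = RPC\n\t# disable = no\n\tdisable = yes\n}\n' \
        > "$dir/commented_no"
    printf 'service rstatd\n{\n\ttype = RPC\n}\n' \
        > "$dir/no_attribute"
    for f in explicit_no commented_no no_attribute missing; do
        printf '%-14s %s\n' "$f" "$(xinetd_service_state "$dir/$f")"
    done
    rm -rf "$dir"
}
demo
```

A file that reports `disabled` only shows the intended configuration; whether xinetd has been reloaded since the change still has to be confirmed on the host.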