HighCheck or Attack Name: rpcpcnfsd
The RPC pcnfsd vulnerability was found, allowing an attacker to execute commands on the vulnerable system.
Warning: Older versions of pcnfsd can hang if this check is performed. Do not perform this check on systems that run an old version of pcnfsd, or upgrade the daemon to a recent version.
Obtain newer version of pcnfsd from your vendor, or obtain and install a public domain pcnfsd that has been certified as not vulnerable. Also, set the mode of the top-level pcnfsd spool directory to 755 by typing: chmod 755 /usr/spool/pcnfs
A public domain pcnfsd is available from ftp://ftp.cert.org/pub/tools/pcnfsd/pcnfsd.93.02.16-cert-dist.tar.Z or from ftp://ftp.cert.dfn.de/pub/tools/net/pcnfsd/pcnfsd.93.02.16-cert-dist.tar.Z.
CERT Advisory CA-96.08, Vulnerabilities in PCNFSD, http://www.cert.org/ftp/cert_advisories/CA-96.08.pcnfsd
