PCI Compliance Failure on VPS

vps

#1

Recently a client of mine (hosted with DreamHost VPS) had a PCI Compliance test done. Here are the results of that failure:

Port: tcp/50286
Service: rpc_status

The rpc.statd Unix RPC service is running on this host. This service is used for providing status monitoring notifications between hosts using NFS. The statd rpc service has been a source of several extremely severe vulnerabilities, some of which are inherent to the protocol itself.

CVE: CVE-2004-1014, CVE-2000-0666, CVE-2000-0800, CVE-1999-0493, CVE-1999-0019, CVE-1999-0018
NVD: CVE-2004-1014, CVE-2000-0666, CVE-2000-0800, CVE-1999-0493, CVE-1999-0019, CVE-1999-0018
Bugtraq: 127, 450, 6831, 11785
CVSSv2: AV:N/AC:L/Au:N/C:C/I:C/A:C

Evidence:
Detected Protocol Version: 1

Remediation:
Review your filtering rules and ensure that statd is not exposed to the Internet. This often also requires filtering the portmapper if black-list port filters are used. In many cases, the safest and easiest solution is to disable rpc.statd altogether if it is not in use.
This service can be safely turned off on a machine if that machine is neither an NFS client nor an NFS server.

Also, this link was given:
http://www.debian.org/security/2004/dsa-606

The link suggests that this issue was resolved in past versions of Debian (3.0); the VPS says it is running Debian 6.0.6.

Does anyone have a clue as to how to solve this? I have submitted two tickets for this a few days ago but have had no response from DreamHost.
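The scan's remediation text reduces to two questions: is rpc.statd registered with the portmapper, and does the host actually use NFS? The script below is an added example, not from the thread or from DreamHost, that answers both from `rpcinfo -p` output and a /proc/mounts listing; the sample data is constructed to match the finding (status v1 on tcp/50286).

```shell
#!/bin/sh
# Constructed sample rpcinfo -p output, modelled on the finding above
# (rpc.statd v1 registered on tcp/50286); not captured from a real host.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  39012  status
    100024    1   tcp  50286  status'

# Constructed /proc/mounts samples: one without NFS, one with an NFS mount.
SAMPLE_MOUNTS_LOCAL='/dev/vda1 / ext3 rw,relatime 0 0
proc /proc proc rw,nosuid 0 0'
SAMPLE_MOUNTS_NFS='/dev/vda1 / ext3 rw,relatime 0 0
10.0.0.5:/export /mnt/data nfs rw,vers=3 0 0'

# Print "proto port version" for each registration of RPC program 100024
# (rpc.statd, shown as "status" by rpcinfo). Reads rpcinfo -p output on stdin.
# The port is chosen dynamically at start-up, which is why the scan saw 50286
# and why a port blacklist alone cannot reliably filter statd.
statd_registrations() {
    awk '$1 == "100024" { print $3, $4, $2 }'
}

# Succeed if statd is registered with the portmapper (stdin: rpcinfo -p output).
statd_registered() {
    [ -n "$(statd_registrations)" ]
}

# Succeed if an NFS filesystem is mounted (stdin: /proc/mounts contents).
# A host with no NFS mounts and no exports needs neither statd nor lockd.
nfs_in_use() {
    grep -q -E '[[:space:]]nfs4?[[:space:]]'
}

# $1: rpcinfo -p output, $2: /proc/mounts contents. Prints one of:
#   clean:   statd is not registered, nothing to do
#   disable: no NFS in use, so stop/disable nfs-common (which starts rpc.statd)
#   filter:  NFS is needed; pin the port via STATDOPTS in /etc/default/nfs-common
#            and firewall it together with the portmapper (111/tcp, 111/udp)
statd_recommendation() {
    if ! printf '%s\n' "$1" | statd_registered; then
        echo "clean"
    elif printf '%s\n' "$2" | nfs_in_use; then
        echo "filter"
    else
        echo "disable"
    fi
}
# Live use:  statd_recommendation "$(rpcinfo -p)" "$(cat /proc/mounts)"
```

After applying the chosen remediation, re-run `rpcinfo -p` from an external host as well: a clean local result with the portmapper still reachable from the Internet will still fail the scan.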


#2

Well, I just kept hopping onto live chat and bugging the DreamHost staff and they finally got back to me. Not sure what they did but they say they fixed the issue:

[quote]Hello,

Thank you for writing, and for your patience.

Our system administrators resolved the rpc.statd issue yesterday. Please
have your PCI scan provider re-scan your site.

Thanks,

Karl [/quote]