Re: RPC protocol problem?

James W. Abendschan (unkadath!shamus@pine.cse.nau.edu)
Tue, 23 Aug 1994 14:59:32 -0700 (MDT)

> I just read a post in comp.security.unix entitled "widespread security hole
> in exporting of filesystems" which claims there are ways to break into a 
> system that has filesystems exported to itself.
> 
> Does anyone know anything about this?  The post said "the trick is to make
> RPC requests via the portmapper, in such a way that they appear to the mount
> daemon to be coming from within the host itself."
> 
> The post mentions a program that is "out there" to exploit this hole.  If
> anyone has any knowledge of this, could you please post instructions on how
> to test for this.

Archie for "nfsbug", an application by Leendert Van Doorn.  This will
attempt to exploit assorted holes in NFS without giving the user a root
shell.

James

-- 
James W. Abendschan                                      shamus@unkadath.uucp
...and he who made kittens put snakes in the grass       jwa@sunset.cse.nau.edu