> > I don't have an exploit script, but replacing your portmap with
> > Wietse's would probably not hurt. Here's the blurb:
>
> I can Wietse's portmapper easily under SunOS, but other
> architectures (Solaris, Irix, etc.) will not cooperate.
>
> Does anyone have any diffs or porting info? I'll post a summary.

rpcbind "plays" the role of portmapper on Solaris 2.X, and there is a secure version of it at ftp.win.tue.nl:/pub/security. rpcbind on Solaris 2.X also allows you to steal filehandles; the mount daemon doesn't do reserved port checking, and once a directory is exported to the host itself you can steal the filehandle. I don't know of any security problem in the IRIX 4.X portmapper, perhaps in 5.2?
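
A defender-side check for the condition the message names (a directory exported to the host itself), as an added example that is not part of the original post: it scans a Solaris 2.x `/etc/dfs/dfstab` for NFS shares whose access lists name the server, or that carry no access list at all. The sample file, the host names and the function name `self_exports` are constructed for illustration.

```python
import shlex

# Constructed sample of a Solaris 2.x /etc/dfs/dfstab (not taken from the post).
SAMPLE_DFSTAB = """\
# share [-F fstype] [-o options] [-d "text"] pathname
share -F nfs -o rw=clienta:clientb -d "home dirs" /export/home
share -F nfs -o ro=clienta,rw=sunbox:clientb /export/tools
share -F nfs -o rw=localhost /export/scratch
share -F nfs /export/pub
"""

def self_exports(dfstab_text, local_names):
    """Return [(pathname, reason)] for NFS shares the server itself can mount.

    local_names: every name the server answers to (assumed supplied by the
    caller). Netgroup names inside access lists are not expanded here.
    """
    local = {n.lower() for n in local_names}
    findings = []
    for line in dfstab_text.splitlines():
        words = shlex.split(line, comments=True)
        if not words or words[0] != "share":
            continue
        fstype, options, path, i = "nfs", "", None, 1
        while i < len(words):
            if words[i] in ("-F", "-o", "-d") and i + 1 < len(words):
                if words[i] == "-F":
                    fstype = words[i + 1]
                elif words[i] == "-o":
                    options = words[i + 1]
                i += 2
            else:
                path, i = words[i], i + 1
        if fstype != "nfs" or path is None:
            continue
        named, restricted, bare = set(), False, False
        for opt in filter(None, options.split(",")):
            key, sep, val = opt.partition("=")
            if key in ("rw", "ro", "root") and sep:
                named.update(h.lower() for h in val.split(":"))
                restricted = restricted or key != "root"
            elif key in ("rw", "ro"):
                bare = True  # bare rw/ro applies to all clients
        hits = sorted(named & local)
        if hits:
            findings.append((path, "names local host: " + ",".join(hits)))
        elif bare or not restricted:
            findings.append((path, "no access list: every host, this one included"))
    return findings
```
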