> > > O.k., so I got the 'nfsbug' program as suggested in some of the > messages about the NFS/portmapper problems. I found I was getting the > message > > UID .. BUG: host:/filesystem > > Can anyone tell me a bit more about the uid bug and/or how to fix it? > (Is it fixed if I install Wietse's portmapper replacement?) If someone can mount your file system or get a file handle, and your system has the uid mask bug, it allows a user to read/write as root by having a 32 bit number, such as 65536, as your uid. It gets checked for being > than 0 so it passes the root check. but then it gets masked into 16 bit uid, which cuts off the other 16 bits, therefore only 0 is left in the uid. therefore you trick nfs into writing and reading root files. makes it easy to write suid root own files. anyways, solaris2.3 is not vulnerable, because it has all uid's 32 bit, but like sun4.1.3, it is a problem. you may try mailing security-alert@sun.com to see if they have a patch or your local Sun Answer Center. -- Christopher William Klaus <cklaus@shadow.net> <iss@shadow.net> Internet Security Systems, Inc. Computer Security Consulting 2209 Summit Place Drive, Penetration Analysis of Networks Atlanta,GA 30350-2430. (404)998-5871.