Bugtraq mailing list archives
Re: NFS exporting
From: perry () snark imsi com (Perry E. Metzger)
Date: Thu, 14 Apr 1994 08:14:31 -0400
Michael Neuman says:
There are techniques you can exploit here that make hijacking an NFS partition or simply destroying it way too simple.Name a few Perry, that's what bugtraq is for... Generally alluding to techniques is worthless.
How about... Listening in on other people's transactions -- stealing or guessing file handles using aquired information. (BTW, fsirand is not exactly a cryptographic random number source.) Incidently, file handle structure isn't exactly random, either -- have a look at whats in them. Using forged packets (possibly source routed) to spoof mountd into handing you file handles which you then exploit. In systems using NIS (the Notoriously Insecure Service), you can spoof NIS packets in order to convince kernels that you have privs you don't have, or spoof it to convince NIS to hand you information you don't deserve. This is just what comes off the top of my head -- I'm sure I can come up with more. Opening up NFS or NIS to the net is asking for trouble. Perry
Current thread:
- NFS exporting Scott D. Yelich (Apr 13)
- Re: NFS exporting Perry E. Metzger (Apr 13)
- Re: NFS exporting Mike Evans (Apr 13)
- Re: NFS exporting Aggelos D. Keromitis (Apr 13)
- Re: NFS exporting Perry E. Metzger (Apr 13)
- Re: NFS exporting Michael Neuman (Apr 13)
- Re: NFS exporting Perry E. Metzger (Apr 14)
- Re: NFS exporting Paul Graham (Apr 14)
- Re: NFS exporting Perry E. Metzger (Apr 15)
- Re: NFS exporting Perry E. Metzger (Apr 13)
- <Possible follow-ups>
- Re: NFS exporting smb () research att com (Apr 13)
- Re: NFS exporting Carl Corey (Apr 13)
- Re: NFS exporting Perry E. Metzger (Apr 14)
- Re: NFS exporting Rob Quinn (Apr 14)
- Re: NFS exporting Perry E. Metzger (Apr 14)
- Re: NFS exporting Perry E. Metzger (Apr 14)
- Re: NFS exporting Aggelos D. Keromitis (Apr 14)
- Re: NFS exporting Steve Simmons (Apr 14)