Bugtraq mailing list archives
RPC protocol problem?
From: baba () ph-meter beckman uiuc edu (Baba Z Buehler)
Date: Tue, 23 Aug 1994 00:39:23 -0500
I just read a post in comp.security.unix entitiled "widespread security hole in exporting of filesystems" which claims there are ways to break into a system that has filesystems exported to itself. Does anyone know anything about this? The post said "the trick is to make RPC requests via the portmapper, in such a way that they appear to the mount daemon to be coming from within the host itself." The post mentions a program that is "out there" to exploit this hole. If anyone has any knowledge of this, could you please post instructions on how to test for this. thanks, -- # Baba Z Buehler # Beckman Institute Systems Services, Urbana Illinois # # "How come that big box of bright ideas you sent # me is the one they say fell off the truck?" -- Butch Hancock # # WWW: http://www.beckman.uiuc.edu/groups/biss/people/baba/ # PGP Public Key available via finger baba () beckman uiuc edu
Current thread:
- RPC protocol problem? Baba Z Buehler (Aug 22)
- <Possible follow-ups>
- Re: RPC protocol problem? Adam Shostack (Aug 23)
- Re: RPC protocol problem? Steinar Haug (Aug 23)
- Re: RPC protocol problem? Leif Hedstrom (Aug 23)
- Re: RPC protocol problem? Gene Spafford (Aug 23)
- Re: RPC protocol problem? Doug Davis (Aug 23)
- Re: RPC protocol problem? Pat Myrto (Aug 24)
- Re: RPC protocol problem? jsz (Aug 24)
- Re: RPC protocol problem? Doug Davis (Aug 23)
- Re: RPC protocol problem? [patch for SGI systems] Steve Kotsopoulos (Aug 23)
- Re: RPC protocol problem? [patch for Sun/Solaris systems] Luc Saccavini (Aug 24)
- Re: RPC protocol problem? Christopher Klaus (Aug 23)