Bugtraq mailing list archives
Re: RPC protocol problem?
From: Steinar.Haug () runit sintef no (Steinar Haug)
Date: Tue, 23 Aug 1994 18:27:42 +0200 (MET DST)
I just read a post in comp.security.unix entitiled "widespread security hole in exporting of filesystems" which claims there are ways to break into a system that has filesystems exported to itself. Does anyone know anything about this? The post said "the trick is to make RPC requests via the portmapper, in such a way that they appear to the mount daemon to be coming from within the host itself." The post mentions a program that is "out there" to exploit this hole. If anyone has any knowledge of this, could you please post instructions on how to test for this.
Yes, this knowledge is widespread. Pick up the following program which shows how to exploit this and other well known NFS problems. I have enclosed the starting comment from the program at the end of this message. Host ftp.cs.vu.nl Location: /leendert FILE -rw-r--r-- 7597 May 16 15:15 nfsbug.aix.patch FILE -r--r--r-- 3478 May 4 12:12 nfsbug.hpux.patch FILE -r--r--r-- 36023 May 3 19:51 nfsbug.shar Steinar Haug, SINTEF RUNIT, University of Trondheim, NORWAY Email: Steinar.Haug () runit sintef no ----------------------------------- /* * nfsbug.c * * Test hosts for well known NFS problems/bugs. Among these tests are: * find world wide exportable file systems, determine whether the * export list really works, determine whether we can mount file systems * through the portmapper, try to guess file handles, excercise the * mknod bug, and the uid masking bug. * * Author: * Leendert van Doorn, april 1994 * * TODO: * - close sockets (?) */
Current thread:
- RPC protocol problem? Baba Z Buehler (Aug 22)
- <Possible follow-ups>
- Re: RPC protocol problem? Adam Shostack (Aug 23)
- Re: RPC protocol problem? Steinar Haug (Aug 23)
- Re: RPC protocol problem? Leif Hedstrom (Aug 23)
- Re: RPC protocol problem? Gene Spafford (Aug 23)
- Re: RPC protocol problem? Doug Davis (Aug 23)
- Re: RPC protocol problem? Pat Myrto (Aug 24)
- Re: RPC protocol problem? jsz (Aug 24)
- Re: RPC protocol problem? Doug Davis (Aug 23)
- Re: RPC protocol problem? [patch for SGI systems] Steve Kotsopoulos (Aug 23)
- Re: RPC protocol problem? [patch for Sun/Solaris systems] Luc Saccavini (Aug 24)
- Re: RPC protocol problem? Christopher Klaus (Aug 23)
- Re: RPC protocol problem? James W. Abendschan (Aug 23)
- Re: RPC protocol problem? der Mouse (Aug 24)