Bugtraq mailing list archives
Re: RPC protocol problem?
From: leif () infoseek com (Leif Hedstrom)
Date: Tue, 23 Aug 1994 10:37:30 -0700
"Baba Z Buehler" writes: I just read a post in comp.security.unix entitiled "widespread security hole in exporting of filesystems" which claims there are ways to break into a system that has filesystems exported to itself.
People might want to use the nfsbug detector by Leendert van Doorn. I don't know if it's in the PD, but it will test an NFS server for several (known) security holes. Output from it might look like: % ./nfsbug -h barth.somewhere.com MOUNTABLE FILE SYSTEM bart.somewhere.com:/home/bart1 (via portmapper) MOUNTABLE FILE SYSTEM bart.somewhere.com:/home/bart2 (via portmapper) MOUNTABLE FILE SYSTEM bart.somewhere.com:/home/bart3 (via portmapper) MOUNTABLE FILE SYSTEM bart.somewhere.com:/var/mail (via portmapper) If someone know it's a PD thing, either post a reference for the official FTP site, or post the shar file here. Perhaps someone knows the author and can ask him? -- Leif /* * nfsbug.c * * Test hosts for well known NFS problems/bugs. Among these tests are: * find world wide exportable file systems, determine whether the * export list really works, determine whether we can mount file systems * through the portmapper, try to guess file handles, excercise the * mknod bug, and the uid masking bug. * * Author: * Leendert van Doorn, april 1994 * * TODO: * - close sockets (?) */
Current thread:
- RPC protocol problem? Baba Z Buehler (Aug 22)
- <Possible follow-ups>
- Re: RPC protocol problem? Adam Shostack (Aug 23)
- Re: RPC protocol problem? Steinar Haug (Aug 23)
- Re: RPC protocol problem? Leif Hedstrom (Aug 23)
- Re: RPC protocol problem? Gene Spafford (Aug 23)
- Re: RPC protocol problem? Doug Davis (Aug 23)
- Re: RPC protocol problem? Pat Myrto (Aug 24)
- Re: RPC protocol problem? jsz (Aug 24)
- Re: RPC protocol problem? Doug Davis (Aug 23)
- Re: RPC protocol problem? [patch for SGI systems] Steve Kotsopoulos (Aug 23)
- Re: RPC protocol problem? [patch for Sun/Solaris systems] Luc Saccavini (Aug 24)
- Re: RPC protocol problem? Christopher Klaus (Aug 23)
- Re: RPC protocol problem? James W. Abendschan (Aug 23)
- Re: RPC protocol problem? der Mouse (Aug 24)
- Re: RPC protocol problem? prince of insufficient light (Aug 24)