Bugtraq mailing list archives

Re: RPC protocol problem?


From: meister () ftp com (prince of insufficient light)
Date: Wed, 24 Aug 1994 14:12:54 -0400


The portmap protocol procedure number 5 is an RPC call forwarding
service. You specify to a remote portmap that you would like it to call
a routine on the remote host for you, and give you the results back.
(Why this is in there is beyond me...) Anyhow, if you use this to
execute a mount request, then the mount daemon on the remote host will
get "localhost" as the answer to a svc_getcaller() call. [i.e., as far as
mountd can tell, the request was made by the local host]. Mountd hands
off the file handle back to portmap, which then hands it back to the
remote caller. Got it?

Wietse's replacement portmap in his "tcpwrap" package will refuse
to do this, eliminating the hole. Highly recommended.

                                              -phil
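
The forwarding described in the message above can be spotted on the wire, since a procedure 5 call carries the target program number right after the RPC header. The following is an added example, not part of the original post: a parser for UDP payloads sent to port 111 that flags forwarded calls aimed at mountd from a non-loopback source. The function names, the `WATCHED` set, and the sample packets are constructed for illustration.

```python
import struct

PMAP_PROG, PMAPPROC_CALLIT = 100000, 5   # portmapper program, procedure 5
WATCHED = {100005: "mountd"}             # programs that trust the caller address

class Malformed(ValueError):
    """Payload is not a complete ONC RPC version 2 call."""

def _u32(buf, off):
    if off + 4 > len(buf):
        raise Malformed("truncated")
    return struct.unpack_from(">I", buf, off)[0], off + 4

def _skip_auth(buf, off):
    # opaque_auth: flavor, length, then body padded to a 4-byte boundary
    _flavor, off = _u32(buf, off)
    length, off = _u32(buf, off)
    if length > 400:                      # RFC 5531 caps auth bodies at 400 bytes
        raise Malformed("oversized auth body")
    return off + ((length + 3) & ~3)

def forwarded_target(payload):
    """Return (prog, vers, proc) that a CALLIT asks portmap to invoke, else None."""
    _xid, off = _u32(payload, 0)
    msg_type, off = _u32(payload, off)
    rpcvers, off = _u32(payload, off)
    if msg_type != 0 or rpcvers != 2:     # msg_type 0 = CALL
        raise Malformed("not an RPC v2 call")
    prog, off = _u32(payload, off)
    _vers, off = _u32(payload, off)
    proc, off = _u32(payload, off)
    if (prog, proc) != (PMAP_PROG, PMAPPROC_CALLIT):
        return None
    off = _skip_auth(payload, _skip_auth(payload, off))   # credential, verifier
    tprog, off = _u32(payload, off)
    tvers, off = _u32(payload, off)
    tproc, off = _u32(payload, off)
    return tprog, tvers, tproc

def classify(src_ip, payload):
    try:
        target = forwarded_target(payload)
    except Malformed:
        return "malformed"
    if target is None:
        return "ok"                       # ordinary portmap call such as GETPORT
    if target[0] in WATCHED and not src_ip.startswith("127."):
        return "alert:" + WATCHED[target[0]]
    return "callit"

# Constructed samples (not captured traffic): AUTH_NONE credential and verifier.
_HDR = struct.pack(">10I", 0x1234, 0, 2, PMAP_PROG, 2, PMAPPROC_CALLIT, 0, 0, 0, 0)
SAMPLE_CALLIT_MOUNT = _HDR + struct.pack(">4I", 100005, 1, 1, 0)
SAMPLE_GETPORT = struct.pack(">14I", 0x1235, 0, 2, PMAP_PROG, 2, 3, 0, 0, 0, 0, 100003, 2, 17, 0)
```

The "callit" result marks forwarded calls that are not alerts, so they can still be counted or logged separately.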


