Bugtraq mailing list archives
Re: rpc.ypupdated
From: jml4 () cus cam ac uk (John Line)
Date: Sat, 16 Dec 1995 00:17:48 +0000
I've fixed the SunOS 4.1.3 ypupdated bug (I think). Using tcp_wrapper tcpd to call rpc.ypupdated by inetd, and restricting access for local domain machines, has blocked this security gap. Here follows the steps:
...
3) Create the file /etc/hosts.deny with the entry:
rpc.ypupdated : ALL : (/usr/ucb/finger -l @%h | /usr/ucb/mail -s %d-%h root) &

Er... what if the remote site's fingerd returns output which uses UCB mail's ~-escapes to run commands, or amend the headers and mail "interesting" files somewhere?

[I don't think I'll stick my neck out in this forum and risk any suggestions about better ways to send the mail! :-)]

John Line
--
John Line - Cambridge University Computing Service, Computer Laboratory,
New Museums Site, Pembroke Street, Cambridge CB2 3QG, England.
Internet: jml4 () cus cam ac uk
JANET: jml4 () uk ac cam cus
Phone: +44 1223 334708
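
Added example, not part of the original posts and not code from tcp_wrappers: a filter that neutralises attacker-controlled text, such as the reverse-finger reply in the hosts.deny entry above, before it is piped to a mailer. The function name, the size limits and the sample reply are constructed for illustration.

```shell
#!/bin/sh
# Assumption: the mailer recognises ~-escapes only at the start of a line.
# Limits below are arbitrary illustrative values.
MAX_LINES=200   # cap on lines forwarded to the mailer
MAX_COLS=200    # cap on characters kept per line

sanitize_untrusted() {
    # 1. Keep only tab, newline and printable ASCII; this drops ESC,
    #    carriage returns and every other control byte.
    # 2. Truncate over-long lines and cap the number of lines, so a
    #    hostile server cannot flood root's mailbox.
    # 3. Prefix every line with "| " so no line can start with "~"
    #    or be mistaken for a header line.
    LC_ALL=C tr -cd '\11\12\40-\176' |
        LC_ALL=C cut -c "1-$MAX_COLS" |
        head -n "$MAX_LINES" |
        sed 's/^/| /'
}

# Constructed sample of a hostile reply: two lines beginning with "~",
# a terminal escape sequence and a carriage return.
sample_reply() {
    printf 'Login: guest\n~!touch /tmp/constructed-marker\n'
    printf '~c someone@example.invalid\nPlan:\033[2Jhello\r\n'
}

# Demonstration: print the sanitised form of the constructed reply.
sample_reply | sanitize_untrusted

# In a pipeline the filter sits between the untrusted source and the
# mailer, for example (hypothetical install path):
#   finger -l @host | /usr/local/sbin/sanitize-untrusted | mail -s subject root
```

The filter treats the remote output purely as data; it does not make the reverse finger itself any more trustworthy.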