Bugtraq mailing list archives
Re: rpc.ypupdated
From: pug () arlut utexas edu (Pug)
Date: Tue, 19 Dec 1995 08:05:46 -0600
I've fixed the SunOS 4.1.3 ypupdated bug (I think). Using tcp_wrapper tcpd to call rpc.ypupdated by inetd, and restricting access for local domain machines, has blocked this security gap. Here follows the steps:
You are of course assuming that none of the local machines have been compromised, and are trusted. In my experience, it is much easier to break in via a machine in the local domain that is less protected. The only safe way is to kill it. (Of course the only secure machine is the one never turned on. Assuming that you have it buried in 6' of concrete so they can't walk off with it.) Btw, under NSkit 1.0 under Solaris 2.x I have only been able to break in via this method *if* keyserv is not running or rpc.ypupdated is started with the -i option. Both of these will cause UNIX instead of DES authentication to be used. Unfortunately I haven't had the time to figure out 2.x's keyserv to see if I can get in somehow through it. Ciao, -- Richard Bainter Mundanely | OS Specialist - OMG/CSD Pug Generally | Applied Research Labs - U.Texas pug () arlut utexas edu | pug () eden com | {any user}@pug.net Note: The views may not reflect my employers, or even my own for that matter.
Current thread:
- rpc.ypupdated Marcelo Maia Sobral (Dec 15)
- Re: rpc.ypupdated John Line (Dec 15)
- Re: rpc.ypupdated Martin Hamilton (Dec 16)
- Re: rpc.ypupdated Pug (Dec 19)
- Re: rpc.ypupdated John Line (Dec 15)