Bugtraq mailing list archives
Re: portmapper dangers
From: tqbf () rdist org (Thomas H. Ptacek)
Date: Mon, 1 Jul 1996 04:45:36 +0000
The dangers, according to the code changes I saw, are that the portmapper will accept set and unset requests from other than the local machine, and that it will accept set and unset requests for reserved
So I assume the person you've been corresponding with has found a way to exploit that in some novel, clever way? Like, if you PMAPPROC_SET something with a weird number it'll barf and give you a shell?

Not to be argumentative, but the fact that you can do unauthenticated sets and unsets has been documented ever since the O'Reilly RPC book came out (read the appendices). And as far as I can tell, if outsiders don't have access to your portmapper a la portmap3, they still can't do a set or an unset. Has your associate found a way around Mr. Venema's access control?

---
Thomas Ptacek (tqbf () rdist org)
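
Added example, not part of the original post and not taken from any portmapper source: a passive check that decodes an ONC RPC call from a UDP datagram addressed to the portmapper and reports PMAPPROC_SET / PMAPPROC_UNSET requests whose source is not loopback. The function names, the sample datagram builder and the 192.0.2.10 address are constructed for illustration; the wire layout is the one in RFC 1057.

```python
import ipaddress
import struct

PMAP_PROG, PMAP_VERS = 100000, 2          # portmapper program/version (RFC 1057)
PMAP_PROCS = {1: "PMAPPROC_SET", 2: "PMAPPROC_UNSET"}
CALL, RPC_VERS = 0, 2                     # msg_type CALL, ONC RPC version 2


def _skip_opaque_auth(buf, off):
    """Skip one opaque_auth: flavor, length, body padded to 4 bytes."""
    _flavor, length = struct.unpack_from(">II", buf, off)
    return off + 8 + ((length + 3) & ~3)


def parse_pmap_change(payload):
    """Return (proc_name, prog, vers, prot, port) for a SET/UNSET call, else None."""
    try:
        _xid, mtype, rpcvers, prog, vers, proc = struct.unpack_from(">6I", payload, 0)
        if (mtype, rpcvers, prog, vers) != (CALL, RPC_VERS, PMAP_PROG, PMAP_VERS):
            return None
        if proc not in PMAP_PROCS:        # GETPORT, DUMP etc. do not change mappings
            return None
        off = _skip_opaque_auth(payload, 24)    # credentials
        off = _skip_opaque_auth(payload, off)   # verifier
        return (PMAP_PROCS[proc],) + struct.unpack_from(">4I", payload, off)
    except struct.error:                  # truncated or malformed datagram
        return None


def flag_remote_change(src_ip, payload):
    """Alert string when a SET/UNSET arrives from a non-loopback address."""
    change = parse_pmap_change(payload)
    if change is None or ipaddress.ip_address(src_ip).is_loopback:
        return None
    name, prog, vers, _prot, port = change
    return f"{name} from {src_ip}: prog={prog} vers={vers} port={port}"


def sample_call(proc, prog, vers, prot, port):
    """Constructed test datagram with AUTH_NONE credentials and verifier."""
    header = struct.pack(">6I", 0x1234, CALL, RPC_VERS, PMAP_PROG, PMAP_VERS, proc)
    auth = struct.pack(">4I", 0, 0, 0, 0)
    return header + auth + struct.pack(">4I", prog, vers, prot, port)
```

This handles UDP payloads only; RPC over TCP prefixes each record with a 4-byte record mark that would have to be stripped first.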