Bugtraq mailing list archives
Re: Addendum to Rpcbind Advisory
From: wietse () WZV WIN TUE NL (Wietse Venema)
Date: Thu, 17 Jul 1997 13:00:02 -0400
Darn, I can't even go off the net anymore for a little eye surgery. I will do nothing about this thing for several weeks, until I am able to work at the screen for more than a few minutes at a time. Wietse
###### ## ## ###### ## ### ## ## ###### ## # ## ## ## ## ### ## ###### . ## ## . ######. Secure Networks Inc. Addendum to Advisory July 8, 1997 Addendum to Rpcbind Advisory This Addendum corrects a factual error in the previously distributed advisory. Problem Description ~~~~~~~~~~~~~~~~~~~ The released version of the advisory incorrectly states that Wieste Venema's rpcbind replacement does not service queries sent to a high-numbered udp port. Technical Details ~~~~~~~~~~~~~~~~~ For a detailed description of the problem, please see the original advisory, at http://www.secnet.com/... Impact ~~~~~~ Wieste Venema's rpcbind replacement will service portmapper requests sent to a high-numbered udp port. However access control imposed by the rpcbind replacement will behave normally, even for queries sent to that high-numbered port. Additional Information ~~~~~~~~~~~~~~~~~~~~~~ Past Secure Networks advisories can be found at ftp://ftp.secnet.com/pub/advisories, and Secure Networks papers can be found at ftp://ftp.secnet.com/pub/papers. The error in the advisory was pointed out to us by Casper Dik, Casper.Dik () holland sun com. Wieste Venema's rpcbind can be obtained at ftp://ftp.win.tue.nl/pub/security. Feel free to send responses and commments to sni () secnet com. If you should wish to encrypt such traffic, please use the Secure Networks Inc. key: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQCNAzLaFzIAAAEEAKsVzPR7Y6oFN5VPE/Rp6Sm82oE0y6Mkuof8QzERV6taihn5 uySb31UeNJ4l6Ud9alOPT/0YdeOO9on6eD1iU8qumFxzO3TLm8nTAdZehQSAQfoa rWmpwj7KpXN/3n+VyBWvhpBdKxe08SQN4ZjvV5HXy4YIrE5bTbgIhFKeVQANAAUR tCVTZWN1cmUgTmV0d29ya3MgSW5jLiA8c25pQHNlY25ldC5jb20+iQCVAwUQM03n 27Tl3s+VYMi5AQHdGwP+N3hhILzzhSvhx1gj6ZElgsLa7Q1P3cTlc/Xqx50/wkcX qIwiPudH+9UHvpL8fUNaHc9iZf3y8YZz0HWz56Vm5SG7uBfB/ksq4x04pQ65dQ1m v51DYCvLG9u0jL4hC3Mz9WvIMANXqOUlAhuU1iy0wM41joE8aHdh2jsLHlB5qlSJ AJUDBRAzTlbK/3eiMPDVSG0BAcTNA/9eF0X4Ei8LM4CXFW7JTB5vwXxerR6FmKI8 0JXt6KTrjGBzTfBrDGUZHNakPELjQPQI+fqg6hKJ7Ro1eSL4QbtX2BTO+wIWoLJG hQmccKleuEK5N9vFgzvPTRknfkbqL1Ta7g3Z9tE8TQhFbj0x4yNFAPB/hOhVvY3s YOkUx4T12A== =ljNl -----END PGP PUBLIC KEY BLOCK----- Copyright Notice ~~~~~~~~~~~~~~~~ The contents of this advisory are Copyright (C) 1997 Secure Networks Inc, and may be distributed freely provided that no fee is charged for distribution, and that proper credit is given.
Current thread:
- Addendum to Rpcbind Advisory Secure Networks Inc (Jul 08)
- Re: Addendum to Rpcbind Advisory Wietse Venema (Jul 17)
- REPOST: Re: Addendum to Rpcbind Advisory Wietse Venema (Jul 31)
- <Possible follow-ups>
- Re: Addendum to Rpcbind Advisory Alfred Huger (Jul 30)