Firewall Wizards mailing list archives

Re: Hackers break into Pentagon system


From: tqbf () secnet com
Date: Mon, 27 Apr 1998 21:59:46 -0500 (CDT)

> Is it still a rumor?  I read (forget where, perhaps here) that the bug was
> in statd.  Does statd ever run without NFS?  Were they really running NFS
> on an Internet-connected host?

The "status" service (rpc.statd) is half of a system for implementing NFS
file locking. Specifically, "status" provides a service for notifying
"stateful" network applications that a server has rebooted; this allows
file locks to be released or reinstated. Statd should not be enabled on
hosts that do not run NFS and have a need for file locking. 

The bug in Sun's implementation appears to have been a cookie-cutter stack
overrun based on an argument to an RPC call that arbitrary clients can
issue. 

-----------------------------------------------------------------------------
Thomas H. Ptacek                                        Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.enteract.com/~tqbf    "If you're so special, why aren't you dead?"
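
Added example, not part of the original message: a check that parses `rpcinfo -p` output and flags a host where the "status" service is registered with the portmapper although neither NFS nor the lock manager is. The sample output is constructed, the program numbers are the standard ONC RPC assignments, and the three verdict names are assumptions of this example.

```python
import subprocess
import sys

# Standard ONC RPC program numbers.
STATUS = 100024    # rpc.statd ("status")
NFS = 100003       # NFS server
NLOCKMGR = 100021  # lock manager, the other half of NFS file locking

# Constructed sample `rpcinfo -p` output, not captured from a real host.
SAMPLE_NO_NFS = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32768  status
"""
SAMPLE_NFS = SAMPLE_NO_NFS + """\
    100003    2   udp   2049  nfs
    100021    1   udp  32769  nlockmgr
"""


def parse_rpcinfo(text):
    """Map program number -> set of (proto, port) registrations."""
    regs = {}
    for line in text.splitlines():
        f = line.split()
        # Skip the header row and anything that is not a registration.
        if len(f) < 4 or not (f[0].isdigit() and f[1].isdigit() and f[3].isdigit()):
            continue
        regs.setdefault(int(f[0]), set()).add((f[2], int(f[3])))
    return regs


def audit(text):
    """Return (verdict, statd endpoints); verdict is ok, review or disable."""
    regs = parse_rpcinfo(text)
    if STATUS not in regs:
        return ("ok", [])
    endpoints = sorted(regs[STATUS])
    # Assumption: NFS or lockd registered means locking may be in use.
    if NFS in regs or NLOCKMGR in regs:
        return ("review", endpoints)
    return ("disable", endpoints)


if __name__ == "__main__":
    live = len(sys.argv) > 1 and sys.argv[1] == "--live"
    text = (subprocess.run(["rpcinfo", "-p"], capture_output=True, text=True,
                           check=True).stdout if live else SAMPLE_NO_NFS)
    print(audit(text))
```

Run with `--live` to query the local portmapper instead of the embedded sample.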


