Firewall Wizards mailing list archives
Re: Hackers break into Pentagon system
From: tqbf () secnet com
Date: Mon, 27 Apr 1998 21:59:46 -0500 (CDT)
Is it still a rumor? I read (forget where, perhaps here) that the bug was in statd. Does statd ever run without NFS? Were they really running NFS on an Internet-connected host?
The "status" service (rpc.statd) is half of a system for implementing NFS file locking. Specifically, "status" provides a service for notifying "stateful" network applications that a server has rebooted; this allows file locks to be released or reinstated. Statd should not be enabled on hosts that do not run NFS and have a need for file locking. The bug in Sun's implementation appears to have been a cookie-cutter stack overrun based on an argument to an RPC call that arbitrary clients can issue. ----------------------------------------------------------------------------- Thomas H. Ptacek Secure Networks, Inc. ----------------------------------------------------------------------------- http://www.enteract.com/~tqbf "If you're so special, why aren't you dead?"
Current thread:
- Re: Hackers break into Pentagon system, threaten to sell info Rama Kant (Apr 26)
- Re: Hackers break into Pentagon system, threaten to sell info Aleph One (Apr 27)
- Re: Hackers break into Pentagon system, threaten to sell info Steve Birnbaum (Apr 27)
- Re: Hackers break into Pentagon system Roger Marquis (Apr 27)
- Re: Hackers break into Pentagon system tqbf (Apr 28)
- Re: Hackers break into Pentagon system Nick Drage (Apr 28)