Bugtraq mailing list archives

Re: rpc.cmsd?

From: rafi () tavor openu ac il (Rafi Sadowsky)
Date: Tue, 19 Jul 1994 13:54:48 +0300 (IDT)


oops - forgot the cc's - so here goes
-
Subject: Re: rpc.cmsd?
To: perry () imsi com
Date: Tue, 19 Jul 1994 12:19:01 +0300 (IDT)
From: rafi

Perry E. Metzger wrote:



jsz says:


  >> I've heard there is some method of exploiting rpc.cmsd -- anyone
  >> have any information on this?

  jsz> Perhaps

What does that mean???


It means that it's quite likely that rpc.cmsd is vulnerable, and there is a
good chance to locate a security problem in it, which may allow you gain
access to a system from remote, another root-from-remote, if you want.


If you know a hole, the purpose of Bugtraq is to describe it so that
we can all make ourselves safe. If you don't know of one, please don't
make us paranoid unnecessarily. If you know of one and won't tell us
what it is, then you are not helping anyone and you are not following
the charter of this list.

Perry

[ I apoligise if this is a case of mistaken identity - but I think not ]

given that jsz is a ( hopefully :-) reformed ex-cracker ( better known as "yo" )
I'm somewhat suspicious of his motives ...

(of course I'm a reformed ex-cracker myself - but thats another story... :-)

of course if you're worried about remote users cracking your rpc.cmsd
you should at least use tcp_wrappers to protect it from offsite users
(combined with an approriate router setup - to prevent forged IP source address
of course ...)


well Yonatan(you are jsz aren't you ?) - is that enough provocation
to get some more details from you ?

        Rafi
-- 
+-------------------------------+---------------------------------------+
| Rafi Sadowsky                 | rafi () tavor openu ac il                |
| Comp.Sci. dept                |-[also postmaster () openu ac il]---------+
| Open University of Israel     | Voice: +972-3-6460592                 |
| Tel-Aviv, Israel              | Fax:   +972-3-6460483                 |
+-------------------------------+---------------------------------------+

Current thread:

rpc.cmsd? James W. Abendschan (Jul 15)
- Re: rpc.cmsd? jsz (Jul 16)
  - Re: rpc.cmsd? Rens Troost (Jul 18)
    - Re: rpc.cmsd? jsz (Jul 18)
    - Re: rpc.cmsd? Perry E. Metzger (Jul 18)
    - Re: rpc.cmsd? Rafi Sadowsky (Jul 19)
    - Re: rpc.cmsd? Scott D. Yelich (Jul 19)
    - xnews and XDM Paul Howell (Jul 20)
    - Re: rpc.cmsd? jsz (Jul 20)
    - Re: rpc.cmsd? Perry E. Metzger (Jul 20)
    - Re: rpc.cmsd? Marc W. Mengel (Jul 19)
    - Re: rpc.cmsd? Paul Daw (Jul 18)
    - Re: rpc.cmsd? Mark (Jul 18)
    - Re: rpc.cmsd? Rens Troost (Jul 19)
    - Re: rpc.cmsd? Alfonso Gutierrez (Jul 19)
- Re: rpc.cmsd? Martin Sean Bennet - Sun UK - CSG Engineer (Jul 18)

(Thread continues...)