Bugtraq mailing list archives
Re: rpc.cmsd?
From: mengel () dcdmwm fnal gov (Marc W. Mengel)
Date: Tue, 19 Jul 94 10:52:49 -0600
In <9407182253.AA00326 () snark imsi com> you write:

jsz says:
> > > > jsz> Perhaps
> > > >
> > > > What does that mean???
> >
> > It means that it's quite likely that rpc.cmsd is vulnerable, and there is a
> good chance to locate a security problem in it, which may allow you to gain
> access to a system from remote, another root-from-remote, if you want.

If you know a hole, the purpose of Bugtraq is to describe it so that we can all make ourselves safe. If you don't know of one, please don't make us paranoid unnecessarily.

While I feel the "Perhaps" answer is unnecessarily vague :-) I think we should also allow/encourage mailings that say things like:

    /usr/bin/frob on Frobix systems seems like it's breakable, 'cause if you give it long strings it drops core, and it's setuid root; anyone found a way to really break it?

Programs that run as root and don't handle large/weird input properly are often crackable with sufficient effort (like the fingerd bugs).

So I think there are situations where it's valid to say that something "probably" has a security bug, even if you haven't found a specific sequence of events that really reproduces the problem, and I think that that sort of input is valuable to this list. One could conceivably find and fix the bug before anyone comes up with the mechanism to exploit it.

After all, if you can make it drop core, you may be able to make it do something far more interesting...

Marc