Bugtraq mailing list archives

Re: NFS/mountd minor bug

From: brian () saturn net (Brian Mitchell)
Date: Thu, 5 Dec 1996 11:07:31 -0600


On Thu, 5 Dec 1996, Alan Cox wrote:

This is only a small one and not that serious because remote lusers shouldnt
have access to your portmappers at all. However if they do then rpc.mountd
gives out more info than is ideal.

Viz

mount testbox:/usr/lib /mnt
mount testbox:/usr/lib failed, reason given by server: Permission denied
mount testbox:/usr/libs /mnt
mount: testbox:/usr/libs failed, reason given by server: No such file or directory

ie you can use it to test what is installed on a box.


Even without access to the portmapper, you can still probe the likely port
space for the mountd service, can you not?

Although admittedly, it is a very small hole.

Current thread:

Re: sunos rlogin Roger Espel Llima (Dec 04)
- Re: sunos rlogin Casper Dik (Dec 05)
- NFS/mountd minor bug Alan Cox (Dec 05)
  - Re: NFS/mountd minor bug Brian Mitchell (Dec 05)
  - Solaris 2.x Vulnerability [/usr/vmsys/bin/chkperm] Kevin L Prigge (Dec 05)
    - Re: Solaris 2.x Vulnerability [/usr/vmsys/bin/chkperm] Paul B. Henson (Dec 05)
    - Re: Solaris 2.x Vulnerability [/usr/vmsys/bin/chkperm] Jody L. Baze (Dec 05)
- Irix NFS fun Foowan (Dec 05)