Bugtraq mailing list archives

Re: portmapper dangers


From: wietse () wzv win tue nl (Wietse Venema)
Date: Thu, 4 Jul 1996 20:15:54 +0200


der Mouse <mouse () Collatz McRCIM McGill EDU> writes:

> The dangers, according to the code changes I saw, are that the
> portmapper will accept set and unset requests from other than the local
> machine, and that it will accept set and unset requests for reserved
> ports from clients not themselves running on reserved ports.

Interesting, my portmapper changes look up the request source address
and drop anything that does not match a local interface address.

> I don't know what the hell he's found.  He told me he had found portmap
> bugs, bad ones that he almost had to break binary compatibility to fix.
> I asked about revealing them, he said he didn't want to 'cause 8lgm got
> so badly flamed for giving out bug info.

Perhaps someone is willing to help me fix this problem? All I have to
work from now are rumors that I cannot verify.

If it's source address spoofing I wouldn't bother. With AUTH_SYS and
AUTH_NONE, all portmappers are vulnerable to spoofing by definition.

        Wietse
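
The two checks discussed in this message (set/unset only from a local interface address, and reserved ports only for callers on reserved ports), sketched as an added example; this is not code from the post or from any portmapper source. The names `check_setunset`, `is_local` and `sample`, and the caller-supplied address list, are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>

/* Portmapper procedure numbers (RFC 1057, protocol version 2). */
#define PROC_SET   1UL
#define PROC_UNSET 2UL

/* Hypothetical helper: 1 if addr matches one of this host's interface
 * addresses. The list is passed in; a daemon would enumerate interfaces. */
static int is_local(struct in_addr addr, const struct in_addr *local, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (local[i].s_addr == addr.s_addr)
            return 1;
    return 0;
}

/* Returns 1 to accept, 0 to drop. reg_port is the port the mapping refers
 * to, in host byte order. The address test is only as trustworthy as the
 * source address itself; it does nothing against a spoofed sender. */
int check_setunset(const struct sockaddr_in *from, unsigned long proc,
                   unsigned long reg_port,
                   const struct in_addr *local, size_t n)
{
    if (proc != PROC_SET && proc != PROC_UNSET)
        return 1;   /* other procedures are not restricted by this check */
    if (!is_local(from->sin_addr, local, n))
        return 0;   /* set/unset from other than the local machine */
    if (reg_port < IPPORT_RESERVED && ntohs(from->sin_port) >= IPPORT_RESERVED)
        return 0;   /* reserved port requested by a non-reserved caller */
    return 1;
}

/* Builds a constructed sample sender (loopback / documentation addresses). */
static struct sockaddr_in sample(const char *ip, unsigned short port)
{
    struct sockaddr_in sa = {0};
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    inet_pton(AF_INET, ip, &sa.sin_addr);
    return sa;
}

int main(void)
{
    struct in_addr local[1];
    inet_pton(AF_INET, "127.0.0.1", &local[0]);
    struct sockaddr_in remote = sample("198.51.100.7", 700);
    printf("remote set: %d\n", check_setunset(&remote, PROC_SET, 2049, local, 1));
    return 0;
}
```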


