Bugtraq mailing list archives
portmapper dangers
From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Sun, 30 Jun 1996 13:48:28 -0400
I recently corresponded with someone about some portmapper dangers. I asked him when he was going to announce the holes, and he said that 8lgm got flamed for releasing details and he didn't want that to happen to him; I then offered to take the heat myself and anonymize him, but he said no, he'd want credit. (I also asked if Venema's portmapper is vulnerable, and he said it was, at least for most of the attacks. I haven't checked it myself.)

It seems a bit odd to want the credit but be unwilling to take the heat, but oh well.

Well, he may get mad at me for this, but he released code for a fixed portmapper, and I'm going to at least announce what the holes are, though I haven't developed explicit exploit code (and probably won't bother). I'm going to keep him anonymous, though, since that can always be reversed if he wants me to do so (if he wants to be named, I invite him to send me mail saying so), whereas naming him can't be undone.

The dangers, according to the code changes I saw, are that the portmapper will accept set and unset requests from other than the local machine, and that it will accept set and unset requests for reserved ports from clients not themselves running on reserved ports. I'm sure most readers of bugtraq will immediately see the dangers inherent in these lacks of checking.

(The code I saw counts port 2049, the default NFS port, as reserved even though it is not in the reserved port space. I suppose one could argue whether this should be done.)

der Mouse
mouse () collatz mcrcim mcgill edu
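Editor's added example, not part of the message above and not the fixed portmapper's code: a sketch in C of the two checks the message describes, with port 2049 treated as reserved. All function names are hypothetical, "local" is simplified to the loopback network (an assumption; a real daemon would also compare against its own interface addresses), and mapped_port is assumed to be the port being registered for a set or the port currently registered for an unset.

```c
#include <stdint.h>
#include <string.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Procedure numbers of the portmapper protocol (program 100000, version 2). */
enum { PMAP_SET = 1, PMAP_UNSET = 2 };

#define RESERVED_LIMIT 1024 /* ports below this need privilege to bind */
#define NFS_PORT 2049       /* counted as reserved, as in the code the message describes */

/* Assumption: only 127.0.0.0/8 counts as "the local machine" in this sketch. */
static int is_local(const struct sockaddr_in *from)
{
    return (ntohl(from->sin_addr.s_addr) >> 24) == 127;
}

static int is_reserved(uint16_t port)
{
    return port < RESERVED_LIMIT || port == NFS_PORT;
}

/* Returns 1 if the request may proceed, 0 if it must be refused. */
int pmap_request_allowed(uint32_t proc, const struct sockaddr_in *from,
                         uint16_t mapped_port)
{
    if (proc != PMAP_SET && proc != PMAP_UNSET)
        return 1;                       /* lookups are not restricted here */
    if (!is_local(from))
        return 0;                       /* check 1: set/unset only from the local machine */
    if (is_reserved(mapped_port) && ntohs(from->sin_port) >= RESERVED_LIMIT)
        return 0;                       /* check 2: reserved port needs a reserved source port */
    return 1;
}

/* Convenience wrapper for constructed sample callers (dotted-quad address, host-order ports). */
int check(uint32_t proc, const char *ip, uint16_t src_port, uint16_t mapped_port)
{
    struct sockaddr_in from;
    memset(&from, 0, sizeof from);
    from.sin_family = AF_INET;
    from.sin_port = htons(src_port);
    if (inet_pton(AF_INET, ip, &from.sin_addr) != 1)
        return 0;                       /* unparseable caller address: refuse */
    return pmap_request_allowed(proc, &from, mapped_port);
}
```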