Bugtraq mailing list archives
(Q) Sun Rpcbind problem.
From: Chiaki.Ishikawa () PERSONAL-MEDIA CO JP (Chiaki Ishikawa)
Date: Fri, 10 Apr 1998 20:31:14 +0900
X-PMC-CI-e-mail-id: 8013

Lately, there is an announcement from Sun regarding a security problem with
its rpcbind.

At the office, one of the Solaris machines uses an rpcbind replacement:
part of the README is attached at the end.

Does anyone have an idea if I should upgrade to the Sun rpcbind,
or the replacement rpcbind is OK?

=== begin quote ====
README for rpcbind 1.1 on Fri Dec 9 17:34:12 MET 1994

Description
-----------

This is an rpcbind replacement with tcp wrapper style access control.
It provides a simple mechanism to discourage remote access to the NIS
(YP), NFS, and other rpc services. Alas, the Solaris 2.4 rpcbind will
still export file systems to the world through proxy rpc.

This version is based on the freely-distributable tirpcsrc2.3 source
distribution, as offered for anonymous FTP from playground.sun.com.
According to the README:

    TIRPCSRC 2.3 29 Aug 1994

    This distribution contains SunSoft's implementation of
    transport-independent RPC (TI-RPC), External Data Representation
    (XDR), and various utilities and documentation. These libraries and
    programs form the base of Open Network Computing (ONC), and are
    derived directly from the Solaris 2.3 source.

The program has undergone limited testing with SunOS 5.3 (Solaris 2.3).
It is obviously very compatible with Solaris 2.3. It will probably work
as well with earlier Solaris 2.x versions.

Features
--------

- host access control on IP addresses. The local host is considered
  authorized. Host access control requires the libwrap.a library that
  comes with recent tcp wrapper implementations.

- requests that are forwarded by the rpcbind process will be forwarded
  through an unprivileged port.

- the rpcbind process refuses to forward requests to rpc daemons that
  do (or should) verify the origin of the request: at present, the
  list includes most of the calls to the NFS mountd/nfsd daemons and
  the NIS daemons.

[omission.]

Acknowledgements:
-----------------

Thanks to Robert Montjoy for helping with the port of my tirpcsrc1.0
patches to the tirpcsrc2.0 environment.

    Wietse Venema (wietse () wzv win tue nl)
    Mathematics and Computing Science
    Eindhoven University of Technology
    The Netherlands
=== end quote ====

--
Ishikawa, Chiaki           ishikawa () personal-media co jp.NoSpam or
(family name, given name)  Chiaki.Ishikawa () personal-media co jp.NoSpam
Personal Media Corp.       ** Remove .NoSpam at the end before use **
Shinagawa, Tokyo, Japan 142