Bugtraq mailing list archives
Re: rpc.nfsd exploit code
From: crispin () CSE OGI EDU (Crispin Cowan)
Date: Thu, 11 Nov 1999 22:19:27 +0000
Mariusz Marcinkiewicz wrote:
hi, patch was published so i can send you exploit code
We were unable to get this sploit to actually produce a root shell on an unprotected nfsd. However, we were able to get it to produce a StackGuard intrusion alert when we used it to attack the StackGuarded nfsd. Here's the intrusion alert StackGuard dropped into syslog: Nov 11 13:03:42 kryten rpc.nfsd[330]: Immunix type 1 Canary[0] = aff0d died with cadaver fff60661 in procedure fh_compose. Here's the StackGuarded nfsd: http://immunix.org/StackGuard/RH52/RPMS/nfs-server-2.2beta37-1_SG12.i386.rpm Crispin ----- Crispin Cowan, CTO, WireX Communications, Inc. http://wirex.com Free Hardened Linux Distribution: http://immunix.org
Current thread:
- Security flaw in Cobalt RaQ2 cgiwrap Chris Adams (Nov 08)
- Irfan view 3.07 buffer overflow UNYUN (Nov 08)
- Re: Security flaw in Cobalt RaQ2 cgiwrap Nathan Neulinger (Nov 08)
- Re: Security flaw in Cobalt RaQ2 cgiwrap Chris Adams (Nov 09)
- undocumented bugs - nfsd Mariusz Marcinkiewicz (Nov 09)
- Re: undocumented bugs - nfsd Olaf Kirch (Nov 10)
- rpc.nfsd exploit code Mariusz Marcinkiewicz (Nov 10)
- Re: rpc.nfsd exploit code Crispin Cowan (Nov 11)
- WU-FTPD Mnemonix (Nov 11)
- Re: WU-FTPD hayward () SLOTHMUD ORG (Nov 12)
- Re: rpc.nfsd exploit code Mariusz Marcinkiewicz (Nov 12)
- Re: rpc.nfsd exploit code Rogier Wolff (Nov 12)
- Re: undocumented bugs - nfsd Olaf Kirch (Nov 10)
- BIND NXT Bug Vulnerability Elias Levy (Nov 10)
- Re: BIND NXT Bug Vulnerability Richard Trott (Nov 10)
- Re: BIND NXT Bug Vulnerability Mike Iglesias (Nov 10)
- [RHSA-1999:053-01] new NFS server pacakges available (5.2, 4.2) Bill Nottingham (Nov 10)
- Re: [linux-security] Re: undocumented bugs - nfsd Olaf Kirch (Nov 11)
- SmartServer3 POP3 BindView Advisory (Nov 11)