Bugtraq mailing list archives

Re: rpc.nfsd exploit code

From: R.E.Wolff () BITWIZARD NL (Rogier Wolff)
Date: Sat, 13 Nov 1999 00:16:39 +0100


Mariusz Marcinkiewicz wrote:


Hi

On Thu, 11 Nov 1999, Crispin Cowan wrote:

We were unable to get this sploit to actually produce a root shell on an
unprotected nfsd.


Sorry, this version of exploit wasn't tested well. Maybe it doesn't work
in some cases.


Maybe. My experience is that when I send a working exploit to about 20
linux users who volunteered to test these things, I get about a 50/50
'Whoa that gave me a root shell in a second' versus 'Nope, we're safe:
this doesn't work on .....'

The "bad" guys have the time and take the trouble to tune an exploit
till it works. The "good" guys don't have the time. It's best to take
"there is an exploit" or "this is the exploit" at face value and
upgrade. Really.

                                Roger.

--
** R.E.Wolff () BitWizard nl ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
 "I didn't say it was your fault. I said I was going to blame it on you."

Current thread:

Irfan view 3.07 buffer overflow, (continued)
- Irfan view 3.07 buffer overflow UNYUN (Nov 08)
- Re: Security flaw in Cobalt RaQ2 cgiwrap Nathan Neulinger (Nov 08)
  - Re: Security flaw in Cobalt RaQ2 cgiwrap Chris Adams (Nov 09)
- undocumented bugs - nfsd Mariusz Marcinkiewicz (Nov 09)
  - Re: undocumented bugs - nfsd Olaf Kirch (Nov 10)
    - rpc.nfsd exploit code Mariusz Marcinkiewicz (Nov 10)
    - Re: rpc.nfsd exploit code Crispin Cowan (Nov 11)
    - WU-FTPD Mnemonix (Nov 11)
    - Re: WU-FTPD hayward () SLOTHMUD ORG (Nov 12)
    - Re: rpc.nfsd exploit code Mariusz Marcinkiewicz (Nov 12)
    - Re: rpc.nfsd exploit code Rogier Wolff (Nov 12)
    - BIND NXT Bug Vulnerability Elias Levy (Nov 10)
    - Re: BIND NXT Bug Vulnerability Richard Trott (Nov 10)
    - Re: BIND NXT Bug Vulnerability Mike Iglesias (Nov 10)
    - [RHSA-1999:053-01] new NFS server pacakges available (5.2, 4.2) Bill Nottingham (Nov 10)
    - Re: [linux-security] Re: undocumented bugs - nfsd Olaf Kirch (Nov 11)
    - SmartServer3 POP3 BindView Advisory (Nov 11)
    - THE 12th ANNUAL FIRST CONFERENCE on COMPUTER SECURITY michele sensalari (Nov 11)
    - OS/390 Interlink Stack DoS with nmap bugz () NAZGUL COM (Nov 11)
    - Re: OS/390 Interlink Stack DoS with nmap bugz () NAZGUL COM (Nov 17)
    - [Debian] New version of proftpd fixes remote exploits Aleph One (Nov 11)