Re: CERT Advisory CA-2000-17

[Dylan Griffiths <Dylan_G () BIGFOOT COM>]

Aleph One wrote:
> CERT Advisory CA-2000-17 Input Validation Problem in rpc.statd
>
>    Original release date: August 18, 2000
>    Source: CERT/CC
>
>    A complete revision history is at the end of this file.
..
> RedHat
>
>    http://www.redhat.com/support/errata/RHSA-2000-043-03.html

It should be noted that Red Hat states:
"Although there is no known exploit for the flaw in rpc.statd, Red Hat urges
all users running rpc.statd to upgrade to the new nfs-utils package."

This is wrong.

Because of a message posted by "ron1n - <shellcode () HOTMAIL COM>" on the 5th
of August to Bugtraq.

I quote:
"Included below is an exploit for the recently exposed linux rpc.statd
format string vulnerability[0]. I have tailored it towards current Redhat
Linux 6.x installations. It can easily be incorporated into attacks against
the other vulnerable Linux distributions."

I hope Red Hat updates this information.  Although I really hope they'll
just disable rpc.* services, most things in inetd, and other daemons *BY
DEFAULT*.  If a user can't figure out how to turn on a service, they
probably shouldn't be running the service in the first place.  This alone
would stop most of the "remote root in default" problems that Red Hat (and
other Linuxes) seem to face.  OpenBSD gets this correct, how hard can it be
for the various Linux distrubtions to insert some #s in inetd.conf, or have
things chmod -x by default?

--
    www.kuro5hin.org -- technology and culture, from the trenches.