Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: RPC protocol problem?

From: unkadath!shamus () pine cse nau edu (James W. Abendschan)
Date: Tue, 23 Aug 1994 14:59:32 -0700 (MDT)


I just read a post in comp.security.unix entitiled "widespread security hole
in exporting of filesystems" which claims there are ways to break into a 
system that has filesystems exported to itself.

Does anyone know anything about this?  The post said "the trick is to make
RPC requests via the portmapper, in such a way that they appear to the mount
daemon to be coming from within the host itself."

The post mentions a program that is "out there" to exploit this hole.  If
anyone has any knowledge of this, could you please post instructions on how
to test for this.


Archie for "nfsbug", an application by Leendert Van Doorn.  This will
attempt to exploit assorted holes in NFS without giving the user a root
shell.

James

-- 
James W. Abendschan                                      shamus () unkadath uucp
...and he who made kittens put snakes in the grass       jwa () sunset cse nau edu
Previous By Date Next
Previous By Thread Next

Current thread: