Bugtraq mailing list archives
rpc.ypupdated
From: sobral () INF UFSC BR (Marcelo Maia Sobral)
Date: Fri, 15 Dec 1995 13:00:04 -0200
I've fixed the SunOS 4.1.3 ypupdated bug (I think). Using tcp_wrapper tcpd to call rpc.ypupdated by inetd, and restricting access for local domain machines, has blocked this security gap. Here follows the steps: 1) Add the following line to inetd.conf: ypupdated/1 stream rpc/tcp wait root /usr/etc/tcpd /usr/etc/rpc.ypupdated rpc.ypupdated 2) Create file /etc/hosts.allow with the entry: rpc.ypupdated : LOCAL : 3) Create the file /etc/hosts.deny with the entry: rpc.ypupdated : ALL : (/usr/ucb/finger -l @%h | /usr/ucb/mail -s %d-%h root) & 4) Remove rpc.ypupdated call from /etc/rc.local. 5) Kill rpc.ypupdated (if running), and send a Hangup (kill -HUP) to inetd. This solution effectivelly protects ther machine. When a intrusion trying occurs, a finger is made on the originating host and the result is mailed to the administrator. Good luck ! Marcelo Sobral Informatic and Statistic Dep. Universidade Federal de Santa Catarina Florianopolis - SC - Brasil email: sobral () inf ufsc br
Current thread:
- rpc.ypupdated Marcelo Maia Sobral (Dec 15)
- Re: rpc.ypupdated John Line (Dec 15)
- Re: rpc.ypupdated Martin Hamilton (Dec 16)
- Re: rpc.ypupdated Pug (Dec 19)
- Re: rpc.ypupdated John Line (Dec 15)