Bugtraq mailing list archives
Re: rpc.ypupdated
From: jml4 () cus cam ac uk (John Line)
Date: Sat, 16 Dec 1995 00:17:48 +0000
I've fixed the SunOS 4.1.3 ypupdated bug (I think). Using tcp_wrapper tcpd to call rpc.ypupdated by inetd, and restricting access for local domain machines, has blocked this security gap. Here follows the steps: ... 3) Create the file /etc/hosts.deny with the entry: rpc.ypupdated : ALL : (/usr/ucb/finger -l @%h | /usr/ucb/mail -s %d-%h root) &
Er... what if the remote site's fingerd returns output which uses UCB mail's
~-escapes to run commands, or amend the headers and mail "interesting" files
somewhere? [I don't think I'll stick my neck out in this forum and risk
any suggestions about better ways to send the mail! :-)]
John Line
--
John Line - Cambridge University Computing Service, Computer Laboratory,
New Museums Site, Pembroke Street, Cambridge CB2 3QG, England.
Internet: jml4 () cus cam ac uk JANET: jml4 () uk ac cam cus Phone: +44 1223 334708
Current thread:
- rpc.ypupdated Marcelo Maia Sobral (Dec 15)
- Re: rpc.ypupdated John Line (Dec 15)
- Re: rpc.ypupdated Martin Hamilton (Dec 16)
- Re: rpc.ypupdated Pug (Dec 19)
- Re: rpc.ypupdated John Line (Dec 15)