Bugtraq mailing list archives
Re: portmapper dangers
From: wietse () wzv win tue nl (Wietse Venema)
Date: Thu, 4 Jul 1996 20:15:54 +0200
der Mouse <mouse () Collatz McRCIM McGill EDU> writes:
The dangers, according to the code changes I saw, are that the portmapper will accept set and unset requests from other than the local machine, and that it will accept set and unset requests for reserved ports from clients not themselves running on reserved ports.
Interesting, my portmapper changes look up the request source address and drop anything that does not match a local interface address.
I don't know what the hell he's found. He told me he had found portmap bugs, bad ones that he almost had to break binary compatibility to fix. I asked about revealing them, he said he didn't want to 'cause 8lgm got so badly flamed for giving out bug info.
Perhaps someone is willing to help me fix this problem? All I have to work from now are rumors that I cannot verify. If it's source address spoofing I wouldn't bother. With AUTH_SYS and AUTH_NONE, all portmappers are vulnerable to spoofing by definition.
Wietse
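Added example, not part of the original message and not taken from any portmapper source: a C sketch of the two checks discussed in this thread, rejecting set/unset requests whose source is not a local address and rejecting changes to reserved-port mappings from clients on non-reserved ports. The struct, function names and sample addresses are hypothetical; as the message notes, a check on the source address does nothing against spoofed packets.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PMAPPROC_SET   1      /* portmap protocol procedure numbers */
#define PMAPPROC_UNSET 2
#define RESERVED_LIMIT 1024   /* ports below this are reserved on Unix */

enum pm_verdict { PM_ALLOW, PM_DENY_REMOTE, PM_DENY_UNPRIVILEGED };

/* Hypothetical decoded request; all values in host byte order. */
struct pm_request {
    uint32_t proc;         /* RPC procedure number */
    uint32_t src_addr;     /* IPv4 source address of the request */
    uint16_t src_port;     /* source port of the client */
    uint16_t mapped_port;  /* port of the mapping being set or removed */
};

/* Local means loopback (127/8) or an exact match with an interface address. */
static int pm_is_local(uint32_t addr, const uint32_t *ifaddrs, size_t n)
{
    if ((addr >> 24) == 127)
        return 1;
    for (size_t i = 0; i < n; i++)
        if (ifaddrs[i] == addr)
            return 1;
    return 0;
}

enum pm_verdict pm_check(const struct pm_request *r,
                         const uint32_t *ifaddrs, size_t n)
{
    if (r->proc != PMAPPROC_SET && r->proc != PMAPPROC_UNSET)
        return PM_ALLOW;                 /* lookups are not restricted here */
    if (!pm_is_local(r->src_addr, ifaddrs, n))
        return PM_DENY_REMOTE;           /* set/unset only from this host */
    if (r->mapped_port < RESERVED_LIMIT && r->src_port >= RESERVED_LIMIT)
        return PM_DENY_UNPRIVILEGED;     /* reserved mapping, unprivileged client */
    return PM_ALLOW;
}

int main(void)
{
    const uint32_t ifaddrs[] = { 0xC000020A };  /* constructed: 192.0.2.10 */
    /* constructed request: remote host 198.51.100.7 tries to SET port 2049 */
    struct pm_request r = { PMAPPROC_SET, 0xC6336407, 1023, 2049 };
    printf("verdict=%d\n", (int)pm_check(&r, ifaddrs, 1));
    return 0;
}
```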