Bugtraq mailing list archives
Re: Serious security flaw in rpc.mountd on several operating
From: deraadt () CVS OPENBSD ORG (Theo de Raadt)
Date: Wed, 27 Aug 1997 02:29:22 -0600
I'm not sure exactly what systems this vulnerability affects, but clearly it is a serious problem. Since then, it has been confirmed that this hole is present on at least some distributions/versions of Linux, Ultrix, NetBSD, OpenBSD, SunOS, Solaris, and probably many many more.
This was solved well before 2.1 shipped. The problem did exist in 2.0, but that's about a year old now, and has been replaced with 2.1. Here's the log entry:

----
symbolic names:
    OPENBSD_2_1: 1.16.0.2
    OPENBSD_2_0: 1.11.0.2
...
revision 1.12
date: 1996/12/05 23:14:27; author: millert; state: Exp; lines: +14 -9
Stop info gathering attack pointed out by Alan Cox <alan () cymru net>
Only return ENOENT if the dir trying to be mounted is really exported to the client. Return EACCESS if not exported.
----

Now, if I remember, Alan had posted the information about this to BUGTRAQ, thus prompting us to fix it (there is a small chance that the problem report actually came to us via David Holland, though).

Anyways, this is not a new bug. (It's just that most people didn't fix it).
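The check ordering that the log entry describes, as an added C example that is not part of the original post and is not OpenBSD's mountd code. The function names, paths, addresses and the "before" ordering are assumptions constructed from the log message, and paths are assumed to be already canonical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data: paths present on the server, and one export entry. */
static const char *existing[] = { "/export", "/export/home", "/etc/secret.conf", NULL };
static const struct { const char *dir, *client; } exports[] = {
    { "/export", "10.0.0.5" }, { NULL, NULL } };

static int path_exists(const char *p) {
    for (size_t i = 0; existing[i]; i++)
        if (strcmp(existing[i], p) == 0) return 1;
    return 0;
}

/* True if p is at or below a directory exported to this client. */
static int exported_to(const char *p, const char *client) {
    for (size_t i = 0; exports[i].dir; i++) {
        size_t n = strlen(exports[i].dir);
        if (strcmp(exports[i].client, client) == 0 &&
            strncmp(p, exports[i].dir, n) == 0 && (p[n] == '/' || p[n] == '\0'))
            return 1;
    }
    return 0;
}

/* Before (assumed): existence is tested first, so the error code tells any
 * client whether an arbitrary path exists on the server. */
int mount_status_before(const char *p, const char *client) {
    if (!path_exists(p)) return ENOENT;
    if (!exported_to(p, client)) return EACCES;
    return 0;
}

/* After: ENOENT is returned only inside what is exported to this client;
 * everything else gets the same EACCES, existing or not. */
int mount_status_after(const char *p, const char *client) {
    if (!exported_to(p, client)) return EACCES;
    if (!path_exists(p)) return ENOENT;
    return 0;
}

int main(void) {
    const char *probes[] = { "/etc/secret.conf", "/etc/nothing" };
    for (int i = 0; i < 2; i++)  /* client with no export entry */
        printf("%-18s before=%d after=%d\n", probes[i],
               mount_status_before(probes[i], "10.9.9.9"),
               mount_status_after(probes[i], "10.9.9.9"));
    return 0;
}
```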