Bugtraq mailing list archives
Re: [SNI-14]: Solaris rpcbind vulnerability
From: oliverf () silence secnet com (Oliver Friedrichs)
Date: Thu, 5 Jun 1997 12:17:19 -0600
On Thu, 5 Jun 1997, Anthony C. Zboralski wrote:
Ok i checked from a remote location, a dear solaris 2.5.1 i have access to and there isn't one but 6 ports being listened:
Thats one of the strange quirks in Solaris, ports are bound starting above the 32xxx range (unless explicitly bound to a specified port). Any outgoing connection is also going to come from a port above 32xxx (TCP at least). The main problem was more of an illusion that if you were filtering port 111 you were safe. This still doesn't protect you from direct RPC scanning however, which will completely bypass rpcbind and portmap. - Oliver - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Secure Networks Incorporated. Calgary, Alberta, Canada, (403) 262-9211
Current thread:
- [SNI-14]: Solaris rpcbind vulnerability Oliver Friedrichs (Jun 04)
- Re: [SNI-14]: Solaris rpcbind vulnerability Anthony C. Zboralski (Jun 04)
- Re: [SNI-14]: Solaris rpcbind vulnerability C. v. Stuckrad (Jun 05)
- Re: [SNI-14]: Solaris rpcbind vulnerability Oliver Friedrichs (Jun 05)
- Re: [SNI-14]: Solaris rpcbind vulnerability Theo de Raadt (Jun 06)
- Re: [SNI-14]: Solaris rpcbind vulnerability Alan Cox (Jun 06)
- Re: [SNI-14]: Solaris rpcbind vulnerability Dmitry Kohmanyuk (Jun 06)
- Re: [SNI-14]: Solaris rpcbind vulnerability Theo de Raadt (Jun 08)
- Re: [SNI-14]: Solaris rpcbind vulnerability Anthony C. Zboralski (Jun 04)
- <Possible follow-ups>
- Re: [SNI-14]: Solaris rpcbind vulnerability James W. Abendschan (Jun 06)
- Re: [SNI-14]: Solaris rpcbind vulnerability William Lewis (Jun 08)