Bugtraq mailing list archives
Re: [SNI-14]: Solaris rpcbind vulnerability
From: stucki () math fu-berlin de (C. v. Stuckrad)
Date: Thu, 5 Jun 1997 19:11:00 +0200
On Thu, 5 Jun 1997, Anthony C. Zboralski wrote:
From: "Anthony C. Zboralski" <anthony () SCT FR> Subject: Re: [SNI-14]: Solaris rpcbind vulnerability Date: Thu, 5 Jun 1997 05:13:07 +0200 NOTE: Please don't send mail asking for strobe and lsof. Pristine sources at: ftp.suburbia:/pub/strobe* vic.cc.purdue.edu:/pub/tools/unix/lsof (list open files)
OH, thanks :-) I did not have strobe yet (NOT SARCASTIC!)
Ok i checked from a remote location, a dear solaris 2.5.1 i have access to and there isn't one but 6 ports being listened:
...
It looks sexy but i'll let someone else investigate 'cause i am not taking any more solaris shit today.. it is 4:47 am.
Just an Idea: I did read a document saying there will be a new (so far totally undocumented) feature named 'door' (sounds interesting ;-). I've seen it already used in NIS+ and other name-services. I found it by going through my (old) Solaris2.4, may be it's a regular 'feature' of Solaris >= 2.5, and I seem to remember it was created to overcome the 'sluggishnesses' of RPC for the name- and table- services. As I said above, I did NOT investigate, I only 'truss'ed programs, and found most of them which use sockets seem to also use 'door's. (And since then I always wondered which new bugs will be now in this new security-by-obscurity(only)-'feature'). Sincerely your's, Stucki Christoph von Stuckrad * * | talk to | <stucki () math fu-berlin de> \ Freie Universitaet Berlin |/_* | nickname | ...!unido!fub!leibniz!stucki| Fachbereich Mathematik, EDV |\ * | 'stucki' | Tel:+49 30 838-7545{9|8} | Arnimallee 2-6/14195 Berlin * * | on IRC | Fax:+49 30 838-5913 /
Current thread:
- [SNI-14]: Solaris rpcbind vulnerability Oliver Friedrichs (Jun 04)
- Re: [SNI-14]: Solaris rpcbind vulnerability Anthony C. Zboralski (Jun 04)
- Re: [SNI-14]: Solaris rpcbind vulnerability C. v. Stuckrad (Jun 05)
- Re: [SNI-14]: Solaris rpcbind vulnerability Oliver Friedrichs (Jun 05)
- Re: [SNI-14]: Solaris rpcbind vulnerability Theo de Raadt (Jun 06)
- Re: [SNI-14]: Solaris rpcbind vulnerability Alan Cox (Jun 06)
- Re: [SNI-14]: Solaris rpcbind vulnerability Dmitry Kohmanyuk (Jun 06)
- Re: [SNI-14]: Solaris rpcbind vulnerability Theo de Raadt (Jun 08)
- Re: [SNI-14]: Solaris rpcbind vulnerability Anthony C. Zboralski (Jun 04)
- <Possible follow-ups>
- Re: [SNI-14]: Solaris rpcbind vulnerability James W. Abendschan (Jun 06)
- Re: [SNI-14]: Solaris rpcbind vulnerability William Lewis (Jun 08)