Bugtraq mailing list archives
Wietse's RPCBIND
From: wietse () PORCUPINE ORG (Wietse Venema)
Date: Fri, 10 Apr 1998 15:26:47 -0400
"My" rpcbind (which is mostly SUN code) does:

    unlink(savefile);
    fopen(savefile);

Thus, the time window is small. Moreover, you get only one chance; once rpcbind is gone, someone has to restart it by hand.

I figure that if you slow down the file system enough, and fill up the open file table, there will be a way to sneak in.

The fix is to open the save file with the O_EXCL flag set.

I'm about to leave for a week. I'll see if I can get out an update today, otherwise it will have to be a week later.

Wietse
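The two open sequences from the message above, side by side, as an added example that is not part of the original post or of rpcbind's source. The `window_hook` parameter, the `relink` helper, `demo()` and the `/tmp` paths are constructed for the illustration; the hook stands in for another process acting inside the time window.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical hook run between unlink() and the open; NULL = no interference. */
typedef void (*window_hook)(const char *path);

/* The sequence quoted in the message: unlink(savefile); fopen(savefile). */
FILE *save_open_racy(const char *path, window_hook hook) {
    unlink(path);
    if (hook) hook(path);
    return fopen(path, "w");        /* opens whatever is at path by now */
}

/* The fix named in the message: create the save file with O_EXCL. */
FILE *save_open_excl(const char *path, window_hook hook) {
    unlink(path);
    if (hook) hook(path);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return NULL;        /* EEXIST: something is at path again */
    FILE *fp = fdopen(fd, "w");
    if (!fp) close(fd);
    return fp;
}

/* Constructed interference: the path reappears as a link to other_file. */
static char other_file[64];
static void relink(const char *path) { if (symlink(other_file, path)) perror("symlink"); }

/* One save attempt under interference. Returns the size of other_file
 * afterwards (it starts at 4 bytes), or -1 on setup error. */
long demo(int use_excl) {
    char dir[] = "/tmp/savefileXXXXXX", save[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(other_file, sizeof other_file, "%s/other", dir);
    snprintf(save, sizeof save, "%s/state", dir);
    FILE *fp = fopen(other_file, "w");
    if (!fp || fputs("keep", fp) < 0 || fclose(fp)) return -1;
    fp = use_excl ? save_open_excl(save, relink) : save_open_racy(save, relink);
    if (fp) fclose(fp);
    if (stat(other_file, &st)) return -1;
    unlink(save); unlink(other_file); rmdir(dir);
    return (long)st.st_size;
}

int main(void) { printf("racy: %ld, O_EXCL: %ld\n", demo(0), demo(1)); return 0; }
```

With `O_CREAT | O_EXCL` the open fails if anything exists at the path, a symbolic link included, so the unrelated file keeps its contents; the `fopen` sequence truncates it.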