Bugtraq mailing list archives
Re: SUN almost has a clue! (automountd)
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Tue, 5 Jan 1999 10:04:06 +0100
If pathetic.sun.com were a Solaris 2.7 machine with pathetic as its hostname, and a vulnerable Primary name server, an exploit attempt would look like this: Execute commands to spoof reboot off Primary NS here ./amountdexp pathetic.sun.com pathetic reboot 1 If pathetic.sun.com were a Solaris 2.5.1 machine with pathetic as its hostname, an exploit attempt would look like this: ./amountdexp pathetic.sun.com pathetic reboot 0
Since tehre's no such thing as Solaris 2.7, I'm surprised it works tehre. Did you perhaps try it on the beta? My Solaris 7 system complains: Jan 5 09:47:31 room101 automountd[222]: Illegal access attempt by uid=1 - reque st ignored Jan 5 09:47:46 room101 statd[217]: statd: cannot talk to lockd at room101, RPC: Timed out(5) Statd doesn't run as root in Solaris 7 so the automounter will ignore its requests. This change was made late in Solaris 7 development and did not make it into any external release. The easiest way to work around this problem quickly is runnign statd as a user other than root, to this end change in /etc/init.d/nfs.client as follows (but not on Solaris 7, where such a change may break statd) 28c28 < /usr/lib/nfs/statd > /dev/console 2>&1 ---
su daemon -c /usr/lib/nfs/statd > /dev/console 2>&1
(make sure you keep the links in /etc/rc?.d/[SK]*nfs.client pointing to /etc/init.d/nfs.client) and run: chown -R daemon /var/statmon chmod -R og-w /var/statmon Then stop and start lockd & statd. Casper
Current thread:
- Re: PATH variable in zip-slackware 2.0.35, (continued)
- Re: PATH variable in zip-slackware 2.0.35 Rattle (Jan 04)
- Re: PATH variable in zip-slackware 2.0.35 Patrick J. Volkerding (Jan 04)
- Re: PATH variable in zip-slackware 2.0.35 bandregg () REDHAT COM (Jan 05)
- Re: PATH variable in zip-slackware 2.0.35 Karl Stevens (Jan 04)
- Re: PATH variable in zip-slackware 2.0.35 kay (Jan 02)
- Re: PATH variable in zip-slackware 2.0.35 Karl Stevens (Jan 05)
- Re: PATH variable in zip-slackware 2.0.35 kay (Jan 06)
- l0phtcrack 2.5 released The Forlorn (Jan 04)
- Re: SUN almost has a clue! (automountd) Casper Dik (Jan 05)
- Re: FreeBSD 2.2.5 Security problem Eivind Eklund (Jan 03)
- Re: FreeBSD 2.2.5 Security problem User NEAL (Jan 03)