Security Incidents mailing list archives

Protect rpc.statd by tcp wrapper? (was Re: /tmp/bob on compromised system

From: "Ralf G. R. Bergs" <rabe () RWTH-Aachen DE>
Date: Wed, 26 Jul 2000 21:22:56 +0200

On Mon, 24 Jul 2000 21:25:14 -0700, Jeffrey F. Lawhorn wrote:

/tmp/bob is a finger print from a rpc.statd exploit.


Is it possible to protect the rpc.statd by using the tcp wrapper?

I currently have the following in my inetd.conf file on my Solaris
2.5.1...2.7 machines:

    rstatd/2-4      tli   rpc/datagram_v wait root \
       /usr/lib/netsvc/rstat/rpc.rstatd rpc.rstatd

Is it ok to use tcpd like this:

    rstatd/2-4      tli   rpc/datagram_v wait root \
       /usr/sbin/tcpd /usr/lib/netsvc/rstat/rpc.rstatd

I'm not sure whether TLI and rpc/datagram_v works with tcpd.

Thanks,

Ralf


--
Sign the EU petition against SPAM:          L I N U X       .~.
http://www.politik-digital.de/spam/        The  Choice      /V\
                                            of a  GNU      /( )\
                                           Generation      ^^-^^

Current thread:

/tmp/bob on compromised system Russell Fulton (Jul 24)
- Re: /tmp/bob on compromised system Jeffrey F. Lawhorn (Jul 25)
  - Protect rpc.statd by tcp wrapper? (was Re: /tmp/bob on compromised system Ralf G. R. Bergs (Jul 27)
- Re: /tmp/bob on compromised system Joseph Pingenot (Jul 25)
- Re: /tmp/bob on compromised system Fredrik Ostergren (Jul 26)
  - Re: /tmp/bob on compromised system Jeffrey F. Lawhorn (Jul 27)
- <Possible follow-ups>
- Re: /tmp/bob on compromised system Matt Merhar (Jul 25)
  - Re: /tmp/bob on compromised system Security (Jul 26)
- Re: /tmp/bob on compromised system Adam Pendleton (Jul 25)
  - Re: /tmp/bob on compromised system Rob McCauley (Jul 26)
    - Re: /tmp/bob on compromised system Granquist, Lamont (Jul 27)
    - Re: /tmp/bob on compromised system Russell Fulton (Jul 28)
- Re: /tmp/bob on compromised system Jens Oeser (Jul 25)

(Thread continues...)