OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq archives for 3rd quarter (Jul-Sep) 1994: Re: RPC protocol problem?

Re: RPC protocol problem?

jsz (jszramon.bgu.ac.il)
Thu, 25 Aug 94 3:33:25 IDT

> 
> > I don't have an exploit script, but replacing your portmap with
> > Wietse's would probably not hurt.  Heres the blurb:
> 
> I can Wietse's portmapper easily under SunOS, but other 
> architectures (Solaris, Irix, etc.) will not cooperate.
> 
> Does anyone have any diffs or porting info?  I'll post a summary.
> 

rpcbind "plays" role of portmapper on Solaris 2.X, and there is a secure
version of it, ftp.win.tue.nl:/pub/security, rpcbind on Solaris 2.X
also allows you to steal filehandes; mount daemon doesn't do reserved 
port checking, and once a directory is exported to the host itself
you can steal the filehandle.

I don't know of any security problem in IRIX 4.X portmapper, perhaps in 5.2?