Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_2

Bugtraq archives for 2nd quarter (Apr-Jun) 1998: Re: easy DoS in most RPC apps

Re: easy DoS in most RPC apps

Scott Stone (sstoneUME.PHT.CO.JP)
Mon, 18 May 1998 01:29:26 +0900

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Bill Paul: "Re: easy DoS in most RPC apps"
Previous message: David LeBlanc: "Re: easy DoS in most RPC apps"
In reply to: David LeBlanc: "Re: easy DoS in most RPC apps"
Next in thread: Bill Paul: "Re: easy DoS in most RPC apps"

On Sun, 17 May 1998, David LeBlanc wrote:

> At 02:35 AM 5/15/98 +0200, Peter van Dijk wrote:
> >Finally, I'm quite sure of this: the bug is in Sun's RPC code.
> >Investigations show Linux, FreeBSD, SunOS, System V and NeXTstep machines
> >are affected, which means we've got a _big_ problem here.
>
> If that's the case, then any ports of these utilities running on Windows NT
> would also exhibit the same problem - we're all running off of pretty much
> the same Sun ONC RPC code.
>

The FreeBSD people have already made a patch for this, check their home
site.  I'm going to attempt to port the patch to Linux, as the base code
should be about the same.. the fix is to a couple of rpc-related files in
the C libraries.

--------------------------------------------------
Scott M. Stone <sstonepht.com, sstoneturbolinux.com>
               <sstonepht.co.jp>
Linux Developer/Systems Administrator for Pacific HiTech, Inc.
http://www.pht.com              http://armadillo.pht.co.jp
http://www.pht.co.jp            http://www.turbolinux.com

Next message: Bill Paul: "Re: easy DoS in most RPC apps"
Previous message: David LeBlanc: "Re: easy DoS in most RPC apps"
In reply to: David LeBlanc: "Re: easy DoS in most RPC apps"
Next in thread: Bill Paul: "Re: easy DoS in most RPC apps"