Re: SunRPC and slackware 3.4 and 3.5..

vermontGATE.NET

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Simple Nomad: "NMRC Advisory - Default NDS Rights"
• Previous message: Darren Reed: "Making "stealth" scans harder. (fwd)"
• In reply to: Andrew Hobgood: "Re: SunRPC and slackware 3.4 and 3.5.."
• Next in thread: Patrick J. Volkerding: "Re: SunRPC and slackware 3.4 and 3.5.."

Perhaps it's an exploit involving the sprintf()s in the nfs-server package
that were recently fixed.  The sprintf()s were in a section of code that
dealt with logging, and I believe were shared between mountd & nfsd.

The fixed package is available at
ftp://linux.mathematik.tu-darmstadt.de/pub/linux/people/okir/nfs-server-2.2beta36.tar.gz

In fact, looking back at Okir's message to Bugtraq, he says:
heres an update on the Linux unfsd hole. The problem (as most may
have found out by now looking at the diffs) was a buffer overrun in
the code that was supposed to log failed mount attempts :-/

This exploit might not be anything new.  It would help to know what
version of nfsd the cracked sites were running..

On Thu, 17 Sep 1998, Andrew Hobgood wrote:

> > There is apparently a un-released remote root exploit for slackware
> > 3.4-3.5 that involves sunrpc.
>
> The grapevine seems to indicate that it's a buffer overrun in rpc.mountd.
> Again, I can't verify the accuracy of this information.
>

• Next message: Simple Nomad: "NMRC Advisory - Default NDS Rights"
• Previous message: Darren Reed: "Making "stealth" scans harder. (fwd)"
• In reply to: Andrew Hobgood: "Re: SunRPC and slackware 3.4 and 3.5.."
• Next in thread: Patrick J. Volkerding: "Re: SunRPC and slackware 3.4 and 3.5.."