Re: sadmind exploits (remote sparc/x86)
Subject: Re: sadmind exploits (remote sparc/x86)
From: Lamont Granquist (lamont ICOPYRIGHT.COM)
Date: Fri Dec 10 1999 - 22:26:07 CST
- Next message: Casper Dik: "Re: sadmind exploits (remote sparc/x86)"
- Previous message: Mike Ireton: "Re: Big problem on 2.0.x?"
- In reply to: Erik Fichtner: "Re: sadmind exploits (remote sparc/x86)"
- Next in thread: Jake Luck: "64bit Sol7 on Ultra1 < 200mhz bug"
- Next in thread: Casper Dik: "Re: sadmind exploits (remote sparc/x86)"
- Reply: Lamont Granquist: "Re: sadmind exploits (remote sparc/x86)"
- Reply: Jake Luck: "64bit Sol7 on Ultra1 < 200mhz bug"
On Fri, 10 Dec 1999, Erik Fichtner wrote:
> [...] replace the rpcbind on your solaris2 system with Wietse's tcpwrapped
> version.
>
> It will NOT stop the buffer overflow in sadmind by any means,
> but it will stop this particular exploit script from being used by those
> who cannot fix the code to not ask portmapper for the sadmind port.

Recent nmap 2.x versions will do RPC portscanning to bypass portmappers
with the -R switch, e.g. nmap -sSR -p 1- target.foo.bar (to scan entire
portrange, takes a long time).

> (of course, since it's 18:45 EST on a friday, I imagine someone will post
> a version that does direct-to-sadmind-port poking well before monday a.m.)

Shouldn't be too hard to patch it up to accept nmap output as input.

Wrapping the portmapper is getting less and less useful. Really what
needs to be wrapped is all the RPC services, including sadmind. I was
semi-impressed that starting in 5.2 RedHat started shipping an rpc.mountd
that was linked against libwrap. Something similar from Sun would be
nice.

Meanwhile, a better solution is to get ipf from:

http://coombs.anu.edu.au/ipfilter/

...and to packetfilter all your sun boxes. I haven't looked at the latest
ipf to see if they've fixed it, but fairly recent versions required you to
have the most recent beta version of ipf and to compile 64-bit kernel
modules if you were running a Solaris 7 64-bit kernel -- which requires a
makefile tweak (and, possibly, the Sun workshop compilers if egcs doesn't
support 64-bit solaris yet). Solaris versions <= 2.6 (32-bit kernels)
should work fine. My information here is a couple of months out of date,
please direct questions to the ipf mailing list, *NOT* to me -- I don't
have any Sun boxen to play with anymore, I can't help you.
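
The point made in the message above (protecting only the portmapper leaves the RPC services themselves reachable, while a default-deny packet filter covers them) can be checked on your own host. The following is an added example, not part of the original post: it audits `rpcinfo -p` output against a filter policy. The sample output, the host and both policies are constructed assumptions.

```python
from typing import NamedTuple

class RpcService(NamedTuple):
    program: int
    version: int
    proto: str
    port: int
    name: str

# Constructed `rpcinfo -p` output from a hypothetical Solaris host.
SAMPLE_RPCINFO = """\
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100232   10   udp  32772  sadmind
    100083    1   tcp  32773
    100005    1   udp  32780  mountd
"""

def parse_rpcinfo(text):
    """Parse `rpcinfo -p` output; the service-name column may be empty."""
    services = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].isdigit():
            continue  # header or blank line
        name = fields[4] if len(fields) > 4 else "unknown"
        services.append(RpcService(int(fields[0]), int(fields[1]),
                                   fields[2], int(fields[3]), name))
    return services

def reachable(services, blocked):
    """Return services whose (proto, port) the filter does not block."""
    return [s for s in services if (s.proto, s.port) not in blocked]

def default_deny_gaps(services, allowed):
    """Under default-deny, return RPC services sitting on allowed ports."""
    return [s for s in services if (s.proto, s.port) in allowed]

if __name__ == "__main__":
    svcs = parse_rpcinfo(SAMPLE_RPCINFO)
    # Policy A (assumed): only the portmapper port is wrapped or filtered.
    only_111 = {("tcp", 111), ("udp", 111)}
    for s in reachable(svcs, only_111):
        print(f"still reachable: {s.name} ({s.program}) {s.proto}/{s.port}")
    # Policy B (assumed): default-deny inbound, only tcp/22 allowed.
    print("gaps under default-deny:", default_deny_gaps(svcs, {("tcp", 22)}))
```

RPC services other than rpcbind usually get their ports assigned at start-up, so rerun the audit after a reboot or service restart rather than trusting an old snapshot.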
This archive was generated by hypermail 2b27 : Fri Dec 10 1999 - 23:45:19 CST