|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: portmap
From: Olaf Kirch (okir
caldera.de)Date: Thu Jul 27 2000 - 07:15:25 CDT
- Next message: Andrey Savochkin: "[code] Privileged port binding"
- Previous message: David A. Wagner: "Re: Demo patch - run telnetd as non-root and chroot()'ed"
- Next in thread: Wietse Venema: "Re: portmap"
- Reply: Wietse Venema: "Re: portmap"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi all,
here's another portmap glitch I came across.
The current portmapper does incomplete sanity checking on the
ports you register. As a non-root user, you're not allowed
to register services on ports < 1024. You can however register
services on port + 65536.
I cannot see any immediate exploit of this problem, so here's
the demo program.
I've now uploaded my smallrpc library and the patched portmapper
to linux.mathematik.tu-darmstadt:/pub/linux/people/okir/dontuse:
dd897fc3ff57b9f8d19dd3220f94c7fc smallrpc-0.1.tar.gz
53cca86b5d6fab840ba8ffff59ccafe8 portmap-5safer.tar.gz
If the smallrpc library proves to be stable and passes an audit,
I'll start porting other rpc daemons to it as well.
Cheers
Olaf
-- Olaf Kirch | --- o --- Nous sommes du soleil we love when we play okir
- text/plain attachment: pmap_spoof.c
- application/pgp-signature attachment: stored
- Next message: Andrey Savochkin: "[code] Privileged port binding"
- Previous message: David A. Wagner: "Re: Demo patch - run telnetd as non-root and chroot()'ed"
- Next in thread: Wietse Venema: "Re: portmap"
- Reply: Wietse Venema: "Re: portmap"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]