>This new bug, located in rpc.statd which is also started by default
>(imagine that!), allows for remote packets to be bounced to the
>local Operating System.

This isn't really new. This problem was found by Secure Networks, Inc. last spring and forwarded to vendors. A module to test for this vulnerability has been in Ballista (now CyberCop Scanner from Network Associates) since then as well.

It was never publicly noted, since the problem hasn't been fixed yet (and as a security company, we aren't in the habit of disclosing bugs which aren't fixed); however, many people knew of this vulnerability as a result of our research.

- Oliver
Network Associates, Inc.