Well, I haven't heard anything from SGI and the bug is still present in
IRIX 6.5.3f so I figured I'd pass this along once more...

Jeff Long

Message-ID: <36B1E5A6.5E30A15Aat_private>
Date: Fri, 29 Jan 1999 10:45:26 -0600
From: Jeff Long <longat_private>
Organization: #f
X-Mailer: Mozilla 4.07C-SGI [en] (X11; I; IRIX 6.5 IP32)
To: bugtraqat_private
CC: security-alertat_private
Subject: Re: rpcbind: deceive, enveigle and obfuscate
References: <Pine.GSO.3.96.990128124013.27992A-100000at_private>

Ugh, this also affects IRIX 6.5.2f.

Jeff Long

(Nothing has been snipped as I'm cc'ing SGI on this.)

gilbertat_private wrote:
>
> *** RPCBIND SECURITY ADVISORY ***
>
> Discovered by: Martin Rosa, mrosaat_private
> Authored by: Patrick Gilbert, gilbertat_private
>
> The vulnerable versions of rpcbind are contained in:
>
> - Linux 2.0.34
> - Irix 6.2
> - Wietse's rpcbind 2.1 replacement (Wietse warns that proper filtering
>   should be used with his package, but did you really read the README?)
> - Solaris 2.6 (you can add and delete services that were inserted remotely)
> - Other versions have yet to be tested.
>
> The problem:
>
> Rpcbind permits a remote attacker to insert and delete
> entries without superuser status by spoofing a source address.
> Ironically, it inserts the entries as being owned by superuser (Wietse's
> rpcbind in this case).
>
> Consequences are terrible, to say the least. Tests were conducted
> with the pmap_tools available at the end of this advisory.
>
> The solution:
>
> Make sure you filter 127.0.0.1 and localnets at
> your border router. Bad router hygiene will lead to problems.
>
> The tools:
>
> A source of pmap_tools for Linux, as well as technical details concerning
> this advisory can be obtained here:
>
> http://www.pgci.ca/emain.html
>
> Cheers,
>
> --
> Patrick Gilbert          +1 (514) 865-9178
> CEO, PGCI                http://www.pgci.ca
> Montreal (QC), Canada    CE AB B2 18 E0 FE C4 33 0D 9A AC 18 30 1F D9 1A
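
The border-filtering rule from the advisory, as an added example that is not part of the original messages: a Python check that replays packet log lines and reports those that entered on the external interface with a loopback or local-net source, marking the ones aimed at rpcbind's port 111. The interface names, the 192.0.2.0/24 local net and the key=value log format are assumptions, and the sample lines are constructed.

```python
import ipaddress

# Assumed site layout (hypothetical): eth0 faces the Internet,
# 192.0.2.0/24 is the local net behind the border router.
EXTERNAL_IFACE = "eth0"
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
RPCBIND_PORT = 111  # portmapper/rpcbind, TCP and UDP


def parse_line(line):
    """Turn 'key=value key=value ...' into a dict (constructed log format)."""
    return dict(field.split("=", 1) for field in line.split())


def spoof_reason(rec):
    """Return why the border filter must drop this packet, or None if it may pass."""
    if rec["iface"] != EXTERNAL_IFACE:
        return None  # the anti-spoofing rule applies only to traffic entering from outside
    src = ipaddress.ip_address(rec["src"])
    if src in LOOPBACK:
        return "loopback source on external interface"
    if any(src in net for net in LOCAL_NETS):
        return "local-net source on external interface"
    return None


def audit(lines):
    """Return (line, reason, targets_rpcbind) for every packet that should have been dropped."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        reason = spoof_reason(rec)
        if reason:
            findings.append((line, reason, int(rec["dport"]) == RPCBIND_PORT))
    return findings


SAMPLE_LOG = [  # constructed sample records
    "iface=eth0 src=127.0.0.1 dst=192.0.2.10 proto=udp dport=111",
    "iface=eth0 src=192.0.2.55 dst=192.0.2.10 proto=udp dport=111",
    "iface=eth0 src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=25",
    "iface=eth1 src=192.0.2.55 dst=192.0.2.10 proto=udp dport=111",
    "iface=eth0 src=192.0.2.9 dst=192.0.2.10 proto=tcp dport=80",
]

if __name__ == "__main__":
    for line, reason, rpc in audit(SAMPLE_LOG):
        print(("RPCBIND " if rpc else "        ") + reason + ": " + line)
```

Any line reported here means a spoofed source got past the border; the ones marked RPCBIND are the traffic the advisory is concerned with.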