Re: rpc.nfsd exploit code

From: Crispin Cowan (crispinat_private)
Date: Thu Nov 11 1999 - 14:19:27 PST

Next message: Mariusz Marcinkiewicz: "Re: rpc.nfsd exploit code"

Previous message: pedwardat_private: "Re: F5 Networks Security Advisory (fwd)"
Maybe in reply to: Mariusz Marcinkiewicz: "rpc.nfsd exploit code"
Next in thread: Mariusz Marcinkiewicz: "Re: rpc.nfsd exploit code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Mariusz Marcinkiewicz wrote:

> hi,
> patch was published so i can send you exploit code

We were unable to get this sploit to actually produce a root shell on an
unprotected nfsd.  However, we were able to get it to produce a StackGuard
intrusion alert when we used it to attack the StackGuarded nfsd.  Here's the
intrusion alert StackGuard dropped into syslog:

Nov 11 13:03:42 kryten rpc.nfsd[330]: Immunix type 1 Canary[0] = aff0d died with
cadaver fff60661 in procedure
fh_compose.

Here's the StackGuarded nfsd:
http://immunix.org/StackGuard/RH52/RPMS/nfs-server-2.2beta37-1_SG12.i386.rpm

Crispin
-----
Crispin Cowan, CTO, WireX Communications, Inc.    http://wirex.com
Free Hardened Linux Distribution:                 http://immunix.org

Next message: Mariusz Marcinkiewicz: "Re: rpc.nfsd exploit code"
Previous message: pedwardat_private: "Re: F5 Networks Security Advisory (fwd)"
Maybe in reply to: Mariusz Marcinkiewicz: "rpc.nfsd exploit code"
Next in thread: Mariusz Marcinkiewicz: "Re: rpc.nfsd exploit code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:11:35 PDT