Re: [lug-nuts] Redhat 6.0 securty problem

From: Michael Long (mlong@ns.net)
Date: Wed Dec 08 1999 - 17:48:51 PST


Yes, there was a couple of emails on BUGTRAQ and SANS mailing lists about
this particular buffer overflow some time ago. I would check the mail
archives for more info.

Mike

On Wed, 8 Dec 1999, Mike Machado wrote:

> M1Nine wrote:
> >
> > Rick Johnson wrote:
> >
> > > What kind of problem did you find? I haven't seen anything related show up
> > > on mailing lists yet. (except this one of course.)
> > >
> > > Rick
> > >
> > > --
> > > ===========================================================
> > > Rick Johnson Voicemail: 530.325.5200
> > > rick@pointman.org Fax: 530.325.5200
> > > http://www.pointman.org AIM: rsjohn01
> > > ===========================================================
> > >
> > > It really is too bad Microsoft doesn't also sell a vacuum cleaner, for I'm
> > > convinced it would be their only product that doesn't suck.
> > >
> > > On Wed, 8 Dec 1999, Mike Machado wrote:
> > >
> > > > If you run a redhat 6.0 machine on the net you may be vulnerable. I have
> > > > found a possible problem the the portmapper service that runs on tcp
> > > > 111. If you do not need nfs services I would reccommend turning it off
> > > > along with the kernel nfsd.
> > > >
> > > >
> > > > --
> > > > Mike Machado
> > > > mike@innercite.com
> > > > InnerCite
> > > > Network Specialist
> > > > ****************************************************************************
> > > > * To UNSUBSCRIBE from the list, send a message with "unsubscribe lug-nuts"
> > > > * in the message body to majordomo@saclug.org. Please direct other
> > > > * questions, comments, or problems to lug-nuts-owner@saclug.org.
> > > >
> > >
> > > ****************************************************************************
> > > * To UNSUBSCRIBE from the list, send a message with "unsubscribe lug-nuts"
> > > * in the message body to majordomo@saclug.org. Please direct other
> > > * questions, comments, or problems to lug-nuts-owner@saclug.org.
> >
> > Mike, could you explain the details.
> >
>
>
> I have yet to find the exploit code, but it appears as if the portmapper
> service had a buffer overflow.
> You should turn off any rpc stuff or at lease filter these ports at a
> firewall if you have one.
>
> > Thanks
> > Andrew
> >
> > ****************************************************************************
> > * To UNSUBSCRIBE from the list, send a message with "unsubscribe lug-nuts"
> > * in the message body to majordomo@saclug.org. Please direct other
> > * questions, comments, or problems to lug-nuts-owner@saclug.org.
>
> --
> Mike Machado
> mike@innercite.com
> InnerCite
> Network Specialist
> ****************************************************************************
> * To UNSUBSCRIBE from the list, send a message with "unsubscribe lug-nuts"
> * in the message body to majordomo@saclug.org. Please direct other
> * questions, comments, or problems to lug-nuts-owner@saclug.org.
>

****************************************************************************
* To UNSUBSCRIBE from the list, send a message with "unsubscribe lug-nuts"
* in the message body to majordomo@saclug.org. Please direct other
* questions, comments, or problems to lug-nuts-owner@saclug.org.



This archive was generated by hypermail 2b29 : Fri Feb 25 2000 - 14:29:08 PST