[1337] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] NFS/mountd minor bug

daemon@ATHENA.MIT.EDU (Alan Cox)
Thu Dec 5 16:18:17 1996

Date: Thu, 5 Dec 1996 10:05:36 GMT
From: Alan Cox <alan@cymru.net>
To: bugtraq@crimelab.com, linux-security@redhat.com
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com


This is only a small one and not that serious because remote lusers shouldnt
have access to your portmappers at all. However if they do then rpc.mountd
gives out more info than is ideal.

Viz

mount testbox:/usr/lib /mnt
mount testbox:/usr/lib failed, reason given by server: Permission denied
mount testbox:/usr/libs /mnt
mount: testbox:/usr/libs failed, reason given by server: No such file or directory

ie you can use it to test what is installed on a box.

Alan

[mod: The bad news is that you don't really need access to the
portmapper to find the mountd: a port scan between 500 and 1000 will
most likely turn up just a few ports that you can connect to, and
trying to send a mount request to those ports will quickly tell you
where the mountd lives.... -- REW]


home help back first fref pref prev next nref lref last post