[1337] in linux-security and linux-alert archive
[linux-security] NFS/mountd minor bug
daemon@ATHENA.MIT.EDU (Alan Cox)
Thu Dec 5 16:18:17 1996
Date: Thu, 5 Dec 1996 10:05:36 GMT
From: Alan Cox <alan@cymru.net>
To: bugtraq@crimelab.com, linux-security@redhat.com
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
This is only a small one and not that serious because remote lusers shouldn't
have access to your portmappers at all. However if they do then rpc.mountd
gives out more info than is ideal.
Viz
mount testbox:/usr/lib /mnt
mount testbox:/usr/lib failed, reason given by server: Permission denied
mount testbox:/usr/libs /mnt
mount: testbox:/usr/libs failed, reason given by server: No such file or directory
i.e. you can use it to test what is installed on a box.
Alan
[mod: The bad news is that you don't really need access to the
portmapper to find the mountd: a port scan between 500 and 1000 will
most likely turn up just a few ports that you can connect to, and
trying to send a mount request to those ports will quickly tell you
where the mountd lives.... -- REW]
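
Added example, not part of the original message and not rpc.mountd source: a simplified C model of why the two replies above differ and how checking the client against the export table before touching the filesystem gives an unauthorised client the same answer for every path. The function names, the export table and the path list are constructed for illustration, and exports are matched by exact path only.

```c
/* Added illustration: simplified model of the check order, not rpc.mountd source. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample state: directories on disk and the export table. */
static const char *fs_paths[] = { "/usr/lib", "/home", "/export/pub" };
static const struct { const char *path, *client; } exports[] = {
    { "/usr/lib", "trusted1" }, { "/export/pub", "*" },
};
#define COUNT(a) (sizeof (a) / sizeof *(a))

static bool path_exists(const char *p) {
    for (size_t i = 0; i < COUNT(fs_paths); i++)
        if (strcmp(fs_paths[i], p) == 0) return true;
    return false;
}

static bool client_allowed(const char *p, const char *client) {
    for (size_t i = 0; i < COUNT(exports); i++)
        if (strcmp(exports[i].path, p) == 0 &&
            (strcmp(exports[i].client, "*") == 0 ||
             strcmp(exports[i].client, client) == 0))
            return true;
    return false;
}

/* Leaky order: the filesystem is consulted first, so the error code
 * tells any caller whether the path exists on the server. */
int mnt_status_leaky(const char *p, const char *client) {
    if (!path_exists(p)) return ENOENT;
    if (!client_allowed(p, client)) return EACCES;
    return 0;
}

/* Uniform order: authorisation comes first, so a client with no
 * matching export always gets EACCES, whatever is on disk. */
int mnt_status_uniform(const char *p, const char *client) {
    if (!client_allowed(p, client)) return EACCES;
    if (!path_exists(p)) return ENOENT;
    return 0;
}

int main(void) {
    const char *probe[] = { "/usr/lib", "/usr/libs" };
    for (size_t i = 0; i < COUNT(probe); i++)
        printf("%-10s leaky=%d uniform=%d\n", probe[i],
               mnt_status_leaky(probe[i], "outsider"),
               mnt_status_uniform(probe[i], "outsider"));
    return 0;
}
```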