[2100] in linux-security and linux-alert archive
[linux-security] Re: portmap vulnerability?
daemon@ATHENA.MIT.EDU (Suchandra Thapa)
Sun Dec 6 07:47:17 1998
Date: Sun, 6 Dec 1998 05:57:31 -0600 (EST)
From: Suchandra Thapa <soonu@sl-175-44.rh.uchicago.edu>
To: Sam Quigley <osquigle@cs.uchicago.edu>
cc: linux-security@redhat.com, BUGTRAQ@netspace.org
In-Reply-To: <o9u7lw6ywq9.fsf@yeenoghu.cs.uchicago.edu>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
Some versions of portmap would allow users to read/modify
their table or would forward requests as the local system. You
might just be getting attempts to try to exploit these holes. I
would probably disable the portmap daemon if you don't need it. Reading
the readme that comes with the package also gives more info on the
vulnerabilities that may be present.
On 5 Dec 1998, Sam Quigley wrote:
>
> Are there any known vulnerabilities in portmap (redhat's
> portmap-4.0-7b)? I've been receiving a lot of attempts to access the
> portmap port on some linuxppc machines I administer by various
> machines which clearly have no business with mine, and I wonder if
> this is an attempt to break in to my machines.
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null
