[2102] in linux-security and linux-alert archive
[linux-security] Re: portmap vulnerability?
daemon@ATHENA.MIT.EDU (Sam Quigley)
Sun Dec 6 19:24:45 1998
To: linux-security@redhat.com
From: Sam Quigley <osquigle@cs.uchicago.edu>
Date: 06 Dec 1998 14:46:32 -0600
In-Reply-To: Sam Quigley's message of "05 Dec 1998 17:50:38 -0600"
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
Sam Quigley <osquigle@cs.uchicago.edu> writes:
> Are there any known vulnerabilities in portmap (redhat's
> portmap-4.0-7b)? I've been receiving a lot of attempts to access the
> portmap port on some linuxppc machines I administer by various
> machines which clearly have no business with mine, and I wonder if
> this is an attempt to break in to my machines.
...
> I haven't yet looked at the source to see if there are any obvious
> problems with portmap (buffer overflows, etc.), but I suspect that
> there may be.
>
> -sq
I actually now have reason to believe that these probes were part of
a search to find machines running mountd, in an attempt to exploit the
recently-publicized bugs in that code.
portmap itself doesn't seem to have been the target of the attack,
although on my machines that was how the attack manifested itself.
So this note becomes, rather, a warning to others that people are
actively attempting to exploit the mountd vulnerabilities: be careful.
-sq
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null
