[2103] in linux-security and linux-alert archive


[linux-security] Re: portmap vulnerability?

daemon@ATHENA.MIT.EDU (Rogier Wolff)
Wed Dec 9 06:52:20 1998

In-Reply-To: <199812081857.MAA23959@ferret.ncsa.uiuc.edu> from Christopher Lindsey at "Dec 8, 98 12:57:00 pm"
To: lindsey@ncsa.uiuc.edu (Christopher Lindsey)
Date: Wed, 9 Dec 1998 08:57:29 +0100 (MET)
Cc: soonu@sl-175-44.rh.uchicago.edu, linux-security@redhat.com
From: R.E.Wolff@BitWizard.nl (Rogier Wolff)
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

Christopher Lindsey wrote:
> >    Some versions of portmap would allow users to read/modify
> > their table or would forward requests as the local system.  You
> > might just be getting attempts to try to exploit these holes.  I 
> > would probably disable the portmap daemon if you don't need it.  Reading
> > the readme that comes with the package also gives more info on the
> > vulnerabilities that may be present.  
> 
> And of course if you must run portmap, use TCP wrappers to limit
> it to a certain range of hosts.  Assuming that hosts.deny has

Actually, portmapper cannot run "behind" tcp wrappers. It opens
its port and waits for connections. However, it seems that modern
portmappers are linked with the library from tcpwrappers, so that
it takes the same config files as the tcpwrappers do. Nifty!

>    ALL:ALL
> 
> You can add an entry like
> 
>    portmap:199.198.24.0/255.255.255.0
> 
> (assuming you're at redhat.com and want to limit RPC services to that
> IP block)...
> 
> rpc.mountd can also be limited, but I don't know if that support
> is in the default RedHat binaries.  You can always grab the source
> from
> 
>    ftp://linux.mathematik.tu-darmstadt.de/pub/linux/people/okir/
> 
> Chris
> 


Roger. 


-- 
My pet light bulb is a year old today.   \_________  R.E.Wolff@BitWizard.nl
That's 5.9*10^12 miles. Your mileage will NOT vary.\__Phone: +31-15-2137555
--(time <-> distance can be converted: lightspeed)--  \____ fax: ..-2138217
We write Linux device drivers for any device you may have! \_______________
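
The access decision that the quoted hosts.deny and hosts.allow entries produce can be checked with a short model. This is an added example, not part of the original message or of the tcp wrappers code; it covers only a subset of hosts_access(5) (IPv4 literals, ALL, net/mask and trailing-dot prefixes), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample files holding the two entries quoted in the thread.
HOSTS_ALLOW = "portmap:199.198.24.0/255.255.255.0\n"
HOSTS_DENY = "ALL:ALL\n"

def parse_rules(text):
    """Return (daemon_list, client_list) pairs from hosts_access-style text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]  # ignore trailing options
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr):
    """Match one client pattern against an IPv4Address (subset of the syntax)."""
    if pattern == "ALL":
        return True
    if "/" in pattern:  # net/mask form: (addr AND mask) must equal net
        net, mask = pattern.split("/")
        return (int(addr) & int(ipaddress.IPv4Address(mask))) == \
            int(ipaddress.IPv4Address(net))
    if pattern.endswith("."):  # prefix form such as "199.198.24."
        return str(addr).startswith(pattern)
    return pattern == str(addr)

def allowed(daemon, client_ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Search order: a hosts.allow match grants, else a hosts.deny match
    refuses, else access is granted by default."""
    addr = ipaddress.IPv4Address(client_ip)

    def hit(text):
        return any((daemon in daemons or "ALL" in daemons)
                   and any(client_matches(c, addr) for c in clients)
                   for daemons, clients in parse_rules(text))

    if hit(allow_text):
        return True
    return not hit(deny_text)

if __name__ == "__main__":
    for ip in ("199.198.24.17", "199.198.25.17"):  # constructed client addresses
        print(ip, "portmap ->", "grant" if allowed("portmap", ip) else "deny")
```

With an empty hosts.deny the same portmap entry restricts nothing, because a request that matches neither file is granted.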
