[12352] in bugtraq


Re: HP automountd security bulletin

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@VT.EDU)
Wed Oct 27 14:27:45 1999

Message-Id:  <199910271354.d9RDsef24306@black-ice.cc.vt.edu>
Date:         Wed, 27 Oct 1999 09:54:40 -0400
Reply-To: Valdis.Kletnieks@VT.EDU
From: Valdis.Kletnieks@VT.EDU
X-To:         Bennett Todd <bet@MORDOR.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  Your message of "Tue, 26 Oct 1999 00:03:40 EDT." 
              <19991026000340.A22447@mordor.net>

On Tue, 26 Oct 1999 00:03:40 EDT, Bennett Todd <bet@MORDOR.NET>  said:
> of a worry. So use ipchains on Linux or ipfilter on most anything, and set up
> the host to block all but select, chosen protocols at its interfaces.

This, of course, assumes that you don't ever intend to run NFS.

And if the machine was *running* the automounter, there's only 2
explanations:

1) It was started by default and the machine was never tightened down.
2) There is actually a desire to use NFS.

Unless you have an ipchains or ipfilter that's smart enough to
reject based on the RPC procedure number, you're stuck.

				Valdis Kletnieks
				Operating Systems Analyst
				Virginia Tech
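
What rejecting "based on the RPC procedure number" would require of a filter, as an added example that is not part of the original message: a port rule only sees that a packet reached the NFS port, so the filter has to parse the ONC RPC call header (RFC 5531) in the UDP payload. The read-only allow-list, the function names and the sample packets are constructed for illustration.

```python
import struct

# ONC RPC (RFC 5531) call header over UDP: six big-endian 32-bit words.
# xid, msg_type (0 = CALL), rpcvers (2), program, version, procedure
_CALL_HDR = struct.Struct(">IIIIII")
MSG_CALL, RPC_VERSION = 0, 2

# Hypothetical policy: read-only NFSv3 (program 100003). Entries are
# (program, version, procedure); 0=NULL, 1=GETATTR, 3=LOOKUP, 6=READ.
ALLOWED = {(100003, 3, p) for p in (0, 1, 3, 6)}


def parse_rpc_call(payload: bytes):
    """Return (program, version, procedure), or None if not a valid call."""
    if len(payload) < _CALL_HDR.size:
        return None  # truncated: too short to hold a call header
    xid, msg_type, rpcvers, prog, vers, proc = _CALL_HDR.unpack_from(payload)
    if msg_type != MSG_CALL or rpcvers != RPC_VERSION:
        return None  # a reply, or not ONC RPC version 2
    return prog, vers, proc


def decide(payload: bytes) -> str:
    """Default-deny verdict for one UDP payload sent to the NFS port."""
    call = parse_rpc_call(payload)
    if call is None:
        return "drop"  # unparseable traffic is not passed through
    return "accept" if call in ALLOWED else "drop"


def make_call(prog: int, vers: int, proc: int, xid: int = 1) -> bytes:
    """Constructed sample call: header plus empty AUTH_NONE cred and verf."""
    return _CALL_HDR.pack(xid, MSG_CALL, RPC_VERSION, prog, vers, proc) + bytes(16)


if __name__ == "__main__":
    samples = {
        "NFSv3 READ": make_call(100003, 3, 6),
        "NFSv3 WRITE": make_call(100003, 3, 7),   # procedure 7 is not allowed
        "mountd call": make_call(100005, 3, 1),   # different RPC program
        "truncated": make_call(100003, 3, 6)[:10],
    }
    for name, pkt in samples.items():
        print(f"{name:12} -> {decide(pkt)}")
```

Over TCP each RPC message is preceded by a 4-byte record mark, and a call split across IP fragments has to be reassembled before this check can run.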
