[12937] in bugtraq


Re: sadmind exploits (remote sparc/x86)

daemon@ATHENA.MIT.EDU (Erik Fichtner)
Fri Dec 10 21:05:55 1999

Mail-Followup-To: Marcy Abene <geetwentythree@YAHOO.COM>,
                  BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <19991210184127.Q18174@obfuscation.org>
Date:         Fri, 10 Dec 1999 18:41:27 -0500
Reply-To: techs@obfuscation.org
From: Erik Fichtner <techs@OBFUSCATION.ORG>
X-To:         Marcy Abene <geetwentythree@YAHOO.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <19991210221623.22563.qmail@web3104.mail.yahoo.com>

If you want to be a little less appetizing to the bear than the other guy
until Sun coughs up a sadmind patch (if you're one of the unlucky sites
that has a need for it), get thee hence to

	ftp://ftp.porcupine.org/pub/security/rpcbind_2.1.tar.gz

and replace the rpcbind on your solaris2 system with Wietse's tcpwrapped
version.

	It will NOT stop the buffer overflow in sadmind by any means,
but it will stop this particular exploit script from being used by those
who cannot fix the code to not ask portmapper for the sadmind port.

(of course, since it's 18:45 EST on a Friday, I imagine someone will post
a version that does direct-to-sadmind-port poking well before Monday a.m.)

--
Erik Fichtner; Warrior SysAdmin (emf|techs)                       34.9908%
http://www.obfuscation.org/~techs      N 38 53.055'  W 77 21.860'  764 ft.
       "What's the most effective Windows NT remote management tool?"
          "A car."  --  Stephen Northcutt

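An added example, not part of the original post: a small audit that compares an `rpcinfo -p` listing taken on the host with the same query made from an untrusted host, showing that a wrapped rpcbind hides the sadmind lookup while the sadmind port itself stays registered and still needs filtering. The function names, the sample listings (constructed) and the sadmind RPC program number 100232 are assumptions not taken from the post.

```shell
#!/bin/sh
# Added example: audit `rpcinfo -p` captures for sadmind exposure.
# Assumption: sadmind registers as RPC program 100232.
SADMIND_PROG=100232

# Constructed sample: listing as seen on the host itself.
SAMPLE_LOCAL="   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    2   udp    111  rpcbind
    100232   10   udp  32772  sadmind
    100011    1   udp  32773  rquotad"

# Constructed sample: refusal seen from a host the wrapped rpcbind denies
# (the exact wording of the error varies).
SAMPLE_REMOTE_DENIED="rpcinfo: can't contact portmapper: RPC: Authentication error"

# Read an rpcinfo -p listing on stdin; print unique "proto/port" pairs
# registered for sadmind, space separated, or nothing if there are none.
sadmind_endpoints() {
    awk -v prog="$SADMIND_PROG" '
        ($1 == prog || $5 == "sadmind") && !seen[$3 "/" $4]++ {
            out = out sep $3 "/" $4; sep = " "
        }
        END { if (out != "") print out }'
}

# $1 = capture taken locally, $2 = capture taken from an untrusted host.
# Prints one of:
#   absent                   sadmind is not registered at all
#   lookup-blocked <eps>     rpcbind refused the remote query, but <eps> are
#                            still listening and reachable by direct probing
#   lookup-open <eps>        remote hosts can ask rpcbind for the port
sadmind_exposure() {
    local_eps=$(printf '%s\n' "$1" | sadmind_endpoints)
    if [ -z "$local_eps" ]; then
        echo "absent"
        return 0
    fi
    remote_eps=$(printf '%s\n' "$2" | sadmind_endpoints)
    if [ -z "$remote_eps" ]; then
        echo "lookup-blocked $local_eps"
    else
        echo "lookup-open $remote_eps"
    fi
}

# Demo on the constructed captures.
sadmind_exposure "$SAMPLE_LOCAL" "$SAMPLE_REMOTE_DENIED"
```

A `lookup-blocked` result is the state the post describes: the port lookup is refused, but the listed endpoints should still be filtered at the network edge or sadmind disabled where it is not needed.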