[12948] in bugtraq
Re: Solaris sadmind Buffer Overflow Vulnerability
daemon@ATHENA.MIT.EDU (Anthony D. Urso)
Mon Dec 13 17:13:43 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19991212115237.A13802@killa.net>
Date: Sun, 12 Dec 1999 11:52:37 -0800
Reply-To: "Anthony D. Urso" <anthonyu@KILLA.NET>
From: "Anthony D. Urso" <anthonyu@KILLA.NET>
X-To: Brad Powell <Brad.Powell@ENG.SUN.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <199912102112.NAA12929@olympics.Eng.Sun.COM>

On Fri, Dec 10, 1999 at 01:12:10PM -0800, Brad Powell wrote:

> You missed a couple other things that will help. Tcp_wrappers on
> the service,

Since sadmind communicates via udp, tcp_wrappers' tcpd will provide
no help. I recommend xinetd (http://www.synack.net/xinetd/) which will
"wrap" all services designed to run out of inetd, including rpc/udp
services.

It is able to link with libwrap and use hosts.allow/hosts.deny, or
even better, it has its own acl format for limiting connections to those
from more trusted hosts.

--
Au
PGP Key ID: 0x385B44CB
Fingerprint: 9E9E B116 DB2C D734 C090 E72F 43A0 95C4 385B 44CB
lottery(n): A tax on people who are bad at math.
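
The xinetd ACL approach recommended in the message above, sketched as an added example that is not part of the original post or of the xinetd distribution. Assumptions: the server path /usr/sbin/sadmind, sadmind's RPC program number 100232 and version 10, and the constructed documentation addresses in 192.0.2.0/24 standing in for the trusted admin hosts.

```conf
# xinetd.conf fragment (constructed example): run sadmind from xinetd
# instead of inetd, and answer only the admin subnet.
service sadmind
{
    # UNLISTED + rpc_number avoids depending on an /etc/rpc entry.
    type            = RPC UNLISTED
    rpc_number      = 100232
    rpc_version     = 10

    # sadmind is an rpc/udp service, which is why tcpd alone does not fit.
    socket_type     = dgram
    protocol        = udp
    wait            = yes
    user            = root
    # Assumed install path; adjust to the local system.
    server          = /usr/sbin/sadmind

    # xinetd's own ACL: allow the trusted range (placeholder addresses),
    # then carve out one host inside it. Everything else is refused.
    only_from       = 192.0.2.0/24
    no_access       = 192.0.2.99

    # Record who was refused and who was served, for later review.
    log_type        = SYSLOG daemon
    log_on_failure  = HOST
    log_on_success  = HOST PID
}
```

With `wait = yes`, xinetd hands the UDP socket to sadmind once it starts, so datagrams that arrive while the server is running are read by sadmind directly rather than passing through xinetd.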