[3744] in bugtraq
Re: NFS/mountd minor bug
daemon@ATHENA.MIT.EDU (Brian Mitchell)
Thu Dec 5 13:42:54 1996
Date: Thu, 5 Dec 1996 11:07:31 -0600
Reply-To: Brian Mitchell <brian@saturn.net>
From: Brian Mitchell <brian@saturn.net>
X-To: Alan Cox <alan@cymru.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <199612051005.KAA28124@snowcrash.cymru.net>

On Thu, 5 Dec 1996, Alan Cox wrote:
> This is only a small one and not that serious because remote lusers shouldn't
> have access to your portmappers at all. However if they do then rpc.mountd
> gives out more info than is ideal.
>
> Viz
>
> mount testbox:/usr/lib /mnt
> mount testbox:/usr/lib failed, reason given by server: Permission denied
> mount testbox:/usr/libs /mnt
> mount: testbox:/usr/libs failed, reason given by server: No such file or directory
>
> i.e. you can use it to test what is installed on a box.

Even without access to the portmapper, you can still probe the likely port
space for the mountd service, can you not?
Although admittedly, it is a very small hole.
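
The disclosure discussed in this thread comes from a refused client receiving two distinguishable errors. The following is an added example, not part of the original post and not rpc.mountd source: a small C model in which the host names, the export table and both function names are constructed for illustration. It shows the error ordering seen in the transcript beside an ordering that answers every unauthorised request identically.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed server state for illustration; not rpc.mountd data structures. */
static const char *existing_dirs[] = { "/usr/lib", "/export/home", NULL };
static const struct { const char *dir, *client; } exports[] = {
    { "/export/home", "trusted.example" },
    { "/export/old",  "trusted.example" },   /* exported but no longer on disk */
    { NULL, NULL }
};

static int dir_exists(const char *path) {
    for (int i = 0; existing_dirs[i]; i++)
        if (strcmp(existing_dirs[i], path) == 0) return 1;
    return 0;
}

/* Decided from the export table alone; the filesystem is never touched. */
static int client_may_mount(const char *client, const char *path) {
    for (int i = 0; exports[i].dir; i++)
        if (strcmp(exports[i].client, client) == 0 &&
            strcmp(exports[i].dir, path) == 0) return 1;
    return 0;
}

/* Existence is checked first, so a refused client can tell the two cases apart. */
int mount_status_leaky(const char *client, const char *path) {
    if (!dir_exists(path)) return ENOENT;
    if (!client_may_mount(client, path)) return EACCES;
    return 0;
}

/* Authorisation first: ENOENT is only ever returned to an allowed client. */
int mount_status_uniform(const char *client, const char *path) {
    if (!client_may_mount(client, path)) return EACCES;
    if (!dir_exists(path)) return ENOENT;
    return 0;
}

int main(void) {
    const char *probes[] = { "/usr/lib", "/usr/libs" };
    for (int i = 0; i < 2; i++)
        printf("%-10s leaky=%d uniform=%d\n", probes[i],
               mount_status_leaky("stranger.example", probes[i]),
               mount_status_uniform("stranger.example", probes[i]));
    return 0;
}
```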