[4644] in bugtraq


Re: [SNI-14]: Solaris rpcbind vulnerability

daemon@ATHENA.MIT.EDU (Alan Cox)
Fri Jun 6 19:22:47 1997

Date: 	Fri, 6 Jun 1997 18:41:22 +0100
Reply-To: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
From: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
X-To:         deraadt@CVS.OPENBSD.ORG
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199706060815.CAA01506@cvs.openbsd.org> from "Theo de Raadt" at
              Jun 6, 97 02:15:47 am

> A bind() with sin.sin_port == 0 will return a random port in a
> range > 1024.
> We think this is a big win, though the bugs that are exploitable with
> predictable port ranges are quite difficult to play with (and rare).

Theo, Linux does likewise - and you also get a performance advantage. However,
your explanation misses a problem - you may randomly assign port 6000 - which
is sort of a well known port for X windows.
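
The collision described in the message above, modelled in user space as an added example (it is not part of the original message and not any kernel's code). The scripted draw stream, the helper names and the inclusion of port 2049 in the reserved list are assumptions made for illustration; only port 6000 and the "> 1024" range come from the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PORT_LOW  1025u                      /* the quoted "range > 1024" */
#define PORT_SPAN (65535u - PORT_LOW + 1u)

/* Ports that must never be auto-assigned. 6000 (X) is from the message;
 * 2049 (NFS) is added here as an assumption to show the list generalises. */
static const uint16_t reserved[] = { 2049, 6000 };

/* Scripted stream of "random" draws so the run is reproducible (constructed).
 * A real allocator would take these from a kernel-quality random source. */
struct draws { const uint32_t *v; size_t n, i; };

static uint32_t next_draw(struct draws *d) { return d->v[d->i++ % d->n]; }

int is_reserved(uint16_t port) {
    for (size_t k = 0; k < sizeof reserved / sizeof reserved[0]; k++)
        if (reserved[k] == port) return 1;
    return 0;
}

/* Map a draw onto 1025..65535, as a model of bind() with sin_port == 0. */
uint16_t map_to_port(uint32_t r) { return (uint16_t)(PORT_LOW + r % PORT_SPAN); }

/* Pick a port; with skip_reserved set, redraw until the port is not reserved. */
uint16_t pick_port(struct draws *d, int skip_reserved) {
    for (;;) {
        uint16_t p = map_to_port(next_draw(d));
        if (!skip_reserved || !is_reserved(p)) return p;
    }
}

/* Constructed draws: the first two land on 6000 and 2049, the third on 40000. */
static const uint32_t sample[] = { 6000u - PORT_LOW, 2049u - PORT_LOW, 40000u - PORT_LOW };

uint16_t demo(int skip_reserved) {
    struct draws d = { sample, sizeof sample / sizeof sample[0], 0 };
    return pick_port(&d, skip_reserved);
}

int main(void) {
    printf("naive allocator:    %u\n", (unsigned)demo(0));
    printf("filtered allocator: %u\n", (unsigned)demo(1));
    return 0;
}
```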
