[5061] in bugtraq
REPOST: Re: Addendum to Rpcbind Advisory
daemon@ATHENA.MIT.EDU (Wietse Venema)
Thu Jul 31 12:46:44 1997
Date: Thu, 31 Jul 1997 09:07:08 -0400
Reply-To: Wietse Venema <wietse@WZV.WIN.TUE.NL>
From: Wietse Venema <wietse@WZV.WIN.TUE.NL>
X-To: sni@SECNET.COM
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199707082043.OAA29157@silence.secnet.com> from Secure Networks
Inc at "Jul 8, 97 02:43:04 pm"
[In case you wonder what the heck Mr. Huger was responding to, it
seems that my announcement was lost after being forwarded to the
bugtraq moderator, so I am reposting it]
I have updated my rpcbind source so that it rejects requests from
remote clients to UDP or TCP ports other than 111. It is ready for
downloading, see ftp://ftp.win.tue.nl/pub/security/index.html.
In the future, I'd appreciate it if SNI would contact me, the
author, before announcing a possible loophole in my source code.
Oh, and my first name is Wietse, not Wieste.
Wietse
