[6787] in bugtraq
Re: easy DoS in most RPC apps
daemon@ATHENA.MIT.EDU (Scott Stone)
Sun May 17 15:04:47 1998
Date: Mon, 18 May 1998 01:29:26 +0900
Reply-To: Scott Stone <sstone@UME.PHT.CO.JP>
From: Scott Stone <sstone@UME.PHT.CO.JP>
X-To: David LeBlanc <dleblanc@MINDSPRING.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <3.0.3.32.19980517114943.00b8b700@mindspring.com>
On Sun, 17 May 1998, David LeBlanc wrote:
> At 02:35 AM 5/15/98 +0200, Peter van Dijk wrote:
> >Finally, I'm quite sure of this: the bug is in Sun's RPC code.
> >Investigations show Linux, FreeBSD, SunOS, System V and NeXTstep machines
> >are affected, which means we've got a _big_ problem here.
>
> If that's the case, then any ports of these utilities running on Windows NT
> would also exhibit the same problem - we're all running off of pretty much
> the same Sun ONC RPC code.
>
The FreeBSD people have already made a patch for this, check their home
site. I'm going to attempt to port the patch to Linux, as the base code
should be about the same.. the fix is to a couple of rpc-related files in
the C libraries.
--------------------------------------------------
Scott M. Stone <sstone@pht.com, sstone@turbolinux.com>
<sstone@pht.co.jp>
Linux Developer/Systems Administrator for Pacific HiTech, Inc.
http://www.pht.com http://armadillo.pht.co.jp
http://www.pht.co.jp http://www.turbolinux.com
