[7966] in bugtraq
Re: SunRPC and slackware 3.4 and 3.5..
daemon@ATHENA.MIT.EDU (Illuminatus Primus)
Thu Sep 17 15:41:24 1998
Date: Thu, 17 Sep 1998 15:17:53 -0400
Reply-To: Illuminatus Primus <vermont@GATE.NET>
From: Illuminatus Primus <vermont@GATE.NET>
X-To: Andrew Hobgood <chaos@STRANGE.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.96.980917131403.27662A-100000@schizo.strange.net>

Perhaps it's an exploit involving the sprintf()s in the nfs-server package
that were recently fixed. The sprintf()s were in a section of code that
dealt with logging, and I believe were shared between mountd & nfsd.

The fixed package is available at
ftp://linux.mathematik.tu-darmstadt.de/pub/linux/people/okir/nfs-server-2.2beta36.tar.gz

In fact, looking back at Okir's message to Bugtraq, he says:

    here's an update on the Linux unfsd hole. The problem (as most may
    have found out by now looking at the diffs) was a buffer overrun in
    the code that was supposed to log failed mount attempts :-/

This exploit might not be anything new. It would help to know what
version of nfsd the cracked sites were running..

On Thu, 17 Sep 1998, Andrew Hobgood wrote:
> > There is apparently an un-released remote root exploit for slackware
> > 3.4-3.5 that involves sunrpc.
>
> The grapevine seems to indicate that it's a buffer overrun in rpc.mountd.
> Again, I can't verify the accuracy of this information.
>
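
The bug class described in the message above (a client-supplied mount path formatted into a fixed-size log buffer with sprintf()), next to a bounded form, as an added illustration that is not code from the nfs-server package or from anyone in this thread. The function names, the log message text and the buffer sizes are assumptions; the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Unsafe pattern (hypothetical reconstruction of the bug class, not the
 * package's code): nothing limits how much of the client-supplied path
 * is written, so a path longer than the buffer overruns it. */
void format_mount_denied_unsafe(char *buf, const char *client, const char *path)
{
    sprintf(buf, "refused mount request from %s for %s", client, path);
}

/* Bounded form: snprintf() never writes more than `size` bytes.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on error.
 * A truncated message ends in "..." so the log shows it was cut. */
int format_mount_denied(char *buf, size_t size, const char *client, const char *path)
{
    int n;

    if (buf == NULL || size == 0)
        return -1;
    n = snprintf(buf, size, "refused mount request from %s for %s", client, path);
    if (n < 0) {
        buf[0] = '\0';
        return -1;
    }
    if ((size_t)n >= size) {
        if (size > 4)
            memcpy(buf + size - 4, "...", 4); /* three dots plus the NUL */
        return 1;
    }
    return 0;
}

int main(void)
{
    char msg[64];
    char path[1024];            /* constructed oversized mount path */
    int rc;

    memset(path, 'A', sizeof path - 1);
    path[sizeof path - 1] = '\0';
    rc = format_mount_denied(msg, sizeof msg, "192.0.2.10", path);
    printf("rc=%d len=%lu msg=%s\n", rc, (unsigned long)strlen(msg), msg);
    return 0;
}
```
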