[8941] in bugtraq
Re: SUN almost has a clue! (automountd)
daemon@ATHENA.MIT.EDU (Friedrichs, Oliver)
Tue Jan 5 05:37:35 1999
Date: Mon, 4 Jan 1999 17:38:46 -0800
Reply-To: "Friedrichs, Oliver" <Oliver_Friedrichs@NAI.COM>
From: "Friedrichs, Oliver" <Oliver_Friedrichs@NAI.COM>
X-To: Corruptio Optimi Pessima <corruptio@HOTMAIL.COM>
To: BUGTRAQ@NETSPACE.ORG

>This new bug, located in rpc.statd which is also started by default
>(imagine that!), allows for remote packets to be bounced to the
>local Operating System.

This isn't really new. This problem was found by Secure Networks,
Inc. last spring and forwarded to vendors. A module to test for
this vulnerability has been in Ballista (now CyberCop Scanner
from Network Associates) since then as well.

It was never publicly noted, since the problem hasn't been fixed
yet (and as a security company, we aren't in the habit of
disclosing bugs which aren't fixed); however, many people knew
of this vulnerability as a result of our research.

- Oliver
Network Associates, Inc.