[2458] in bugtraq
rpc.ypupdated
daemon@ATHENA.MIT.EDU (Marcelo Maia Sobral)
Fri Dec 15 19:11:31 1995
Date: Fri, 15 Dec 1995 13:00:04 -0200
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Marcelo Maia Sobral <sobral@INF.UFSC.BR>
X-To: bugtraq@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
I've fixed the SunOS 4.1.3 ypupdated bug (I think). Using tcp_wrapper tcpd
to call rpc.ypupdated by inetd, and restricting access for local domain machines,
has blocked this security gap. Here follow the steps:
1) Add the following line to inetd.conf:
ypupdated/1 stream rpc/tcp wait root /usr/etc/tcpd /usr/etc/rpc.ypupdated rpc.ypupdated
2) Create file /etc/hosts.allow with the entry:
rpc.ypupdated : LOCAL :
3) Create the file /etc/hosts.deny with the entry:
rpc.ypupdated : ALL : (/usr/ucb/finger -l @%h | /usr/ucb/mail -s %d-%h root) &
4) Remove the rpc.ypupdated call from /etc/rc.local.
5) Kill rpc.ypupdated (if running), and send a Hangup (kill -HUP) to inetd.
This solution effectively protects the machine. When an intrusion attempt occurs,
a finger is made on the originating host and the result is mailed to the
administrator.
Good luck !
Marcelo Sobral
Informatic and Statistic Dep.
Universidade Federal de Santa Catarina
Florianopolis - SC - Brasil
email: sobral@inf.ufsc.br
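
Added example, not part of the original post: a POSIX shell check that steps 1-4 above are actually in place on a host. The function names, the temporary directory and the sample rc.local line are assumptions made for the illustration; the three configuration entries are copied from the post.

```shell
#!/bin/sh
# Added example: audit the files touched by steps 1-4 of the post.

# has_rule FILE REGEX: true when FILE has an uncommented rule whose daemon field
# is exactly rpc.ypupdated and whose client field matches REGEX. Simplification:
# daemon lists with several names and line continuations are not parsed.
has_rule() {
    awk -F: -v want="$2" '
        /^[ \t]*#/ { next }
        { d = $1; c = $2; gsub(/[ \t]/, "", d); gsub(/[ \t]/, "", c)
          if (d == "rpc.ypupdated" && c ~ want) ok = 1 }
        END { exit !ok }' "$1"
}

# audit_ypupdated INETD_CONF HOSTS_ALLOW HOSTS_DENY RC_LOCAL
# Prints one line per failed check and returns the number of failed checks.
audit_ypupdated() {
    fails=0
    # Step 1: field 6 (server program) must be tcpd, field 7 the real daemon.
    awk '/^[ \t]*#/ { next }
         $1 ~ /^ypupdated\// { seen = 1
             if ($6 !~ /\/tcpd$/ || $7 !~ /\/rpc\.ypupdated$/) bad = 1 }
         END { exit !(seen && !bad) }' "$1" ||
        { echo "FAIL step 1: ypupdated not started through tcpd in $1"; fails=$((fails + 1)); }
    # Step 2: at least one client pattern is allowed for the daemon.
    has_rule "$2" '.' ||
        { echo "FAIL step 2: no rpc.ypupdated rule in $2"; fails=$((fails + 1)); }
    # Step 3: every client not allowed above is denied.
    has_rule "$3" '^ALL$' ||
        { echo "FAIL step 3: no rpc.ypupdated : ALL rule in $3"; fails=$((fails + 1)); }
    # Step 4: no uncommented line in rc.local may still start the daemon.
    if grep -v '^[[:space:]]*#' "$4" | grep 'rpc\.ypupdated' >/dev/null; then
        echo "FAIL step 4: $4 still references rpc.ypupdated"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample input: the entries from the post plus a made-up rc.local line.
demo=$(mktemp -d)
echo 'ypupdated/1 stream rpc/tcp wait root /usr/etc/tcpd /usr/etc/rpc.ypupdated rpc.ypupdated' > "$demo/inetd.conf"
echo 'rpc.ypupdated : LOCAL :' > "$demo/hosts.allow"
echo 'rpc.ypupdated : ALL : (/usr/ucb/finger -l @%h | /usr/ucb/mail -s %d-%h root) &' > "$demo/hosts.deny"
echo '# rpc.ypupdated is now started by inetd' > "$demo/rc.local"
audit_ypupdated "$demo/inetd.conf" "$demo/hosts.allow" "$demo/hosts.deny" "$demo/rc.local" &&
    echo "all four steps verified"
```

On a real host, pass /etc/inetd.conf, /etc/hosts.allow, /etc/hosts.deny and /etc/rc.local as the four arguments.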