[2459] in bugtraq


Re: rpc.ypupdated

daemon@ATHENA.MIT.EDU (John Line)
Fri Dec 15 23:48:03 1995

Date:         Sat, 16 Dec 1995 00:17:48 +0000
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: John Line <jml4@cus.cam.ac.uk>
X-To:         BUGTRAQ@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To:  <199512151500.NAA08278@inf.ufsc.br> from "Marcelo Maia Sobral" at
              Dec 15, 95 01:00:04 pm

>   I've fixed the SunOS 4.1.3 ypupdated bug (I think). Using tcp_wrapper tcpd
>to call rpc.ypupdated by inetd, and restricting access for local domain machines,
>has blocked this security gap. Here follows the steps:
>...
>  3) Create the file /etc/hosts.deny with the entry:
>
>    rpc.ypupdated : ALL : (/usr/ucb/finger -l @%h | /usr/ucb/mail -s %d-%h root) &

Er... what if the remote site's fingerd returns output which uses UCB mail's
~-escapes to run commands, or amend the headers and mail "interesting" files
somewhere? [I don't think I'll stick my neck out in this forum and risk
any suggestions about better ways to send the mail! :-)]

                                John Line
--
John Line - Cambridge University Computing Service, Computer Laboratory,
            New Museums Site, Pembroke Street, Cambridge CB2 3QG, England.
Internet: jml4@cus.cam.ac.uk  JANET: jml4@uk.ac.cam.cus  Phone: +44 1223 334708
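
The concern raised in the reply above, shown from the defensive side as an added example (not part of the original message or of the quoted procedure): a filter that makes remote output inert before it reaches a mailer. It assumes the mailer treats a line whose first character is "~" as an escape; the function names and the two limits are hypothetical.

```shell
#!/bin/sh
# Added example: neutralise untrusted text (e.g. output from a remote
# fingerd) before piping it into a mailer's standard input.
# Assumption: the mailer acts on lines that BEGIN with "~".

MAX_LINES=200   # constructed limit: lines of remote output to forward
MAX_COLS=200    # constructed limit: characters kept per line

sanitize_for_mail() {
    # tr   : keep only tab, newline and printable ASCII (drops ESC, CR, NUL...)
    # head : bound the amount of data an untrusted peer can inject
    # cut  : bound the length of each line
    # sed  : prefix every line with "> " so that no line can start with "~"
    LC_ALL=C tr -cd '\11\12\40-\176' |
        head -n "$MAX_LINES" |
        cut -c "1-$MAX_COLS" |
        sed 's/^/> /'
}

count_escape_lines() {
    # Count input lines that start with "~"; a non-zero result from a
    # remote host is worth logging. grep exits 1 on zero matches, hence
    # the "|| true" so callers running under "set -e" do not abort.
    LC_ALL=C grep -c '^~' || true
}

# Stand-alone demonstration on constructed input (no network, no mail sent).
if [ "${1:-}" = "demo" ]; then
    printf '~!echo constructed\nLogin: guest\n' | sanitize_for_mail
fi
```

In a wrapper script the filter sits between the two commands, as in `finger -l @"$host" | sanitize_for_mail | mail -s "$subject" root`, where `$host` and `$subject` stand for whatever the caller supplies.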
