[2853] in bugtraq
Re: portmapper dangers
daemon@ATHENA.MIT.EDU (Julian Assange)
Sun Jun 30 16:26:41 1996
Date: Mon, 1 Jul 1996 05:51:59 +1000
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Julian Assange <proff@suburbia.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <199606301748.NAA29974@Collatz.McRCIM.McGill.EDU> from "der
Mouse" at Jun 30, 96 01:48:28 pm
> The dangers, according to the code changes I saw, are that the
> portmapper will accept set and unset requests from other than the local
> machine, and that it will accept set and unset requests for reserved
> ports from clients not themselves running on reserved ports. I'm sure
> most readers of bugtraq will immediately see the dangers inherent in
> these lacks of checking. (The code I saw counts port 2049, the default
> NFS port, as reserved even though it is not in the reserved port space.
> I suppose one could argue whether this should be done.)
>
> der Mouse
>
> mouse@collatz.mcrcim.mcgill.edu
Isn't this rather old hat?
--
"Of all tyrannies a tyranny sincerely exercised for the good of its victims
may be the most oppressive. It may be better to live under robber barons
than under omnipotent moral busybodies. The robber baron's cruelty may
sometimes sleep, his cupidity may at some point be satiated; but those who
torment us for our own good will torment us without end, for they do so with
the approval of their own conscience." - C.S. Lewis, _God in the Dock_
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union |
|proff@suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+
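
Added example, not part of the original message and not the portmapper code der Mouse refers to: a sketch in C of the two checks the quoted text describes, applied to a set/unset request. The function names, the 127.0.0.0/8 test for "local", and the sample addresses are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RESERVED_LIMIT 1024 /* ports below this are the reserved range */
#define NFS_PORT       2049 /* counted as reserved, as in the quoted description */

/* True for ports that only a caller on a reserved port may set or unset. */
static bool port_is_protected(uint16_t port)
{
    return port < RESERVED_LIMIT || port == NFS_PORT;
}

/* Assumption: "local" is 127.0.0.0/8; a daemon may also accept its own interface addresses. */
static bool caller_is_local(const struct sockaddr_in *caller)
{
    return (ntohl(caller->sin_addr.s_addr) >> 24) == 127;
}

/* Decide whether a set/unset request for mapped_port may be honoured. */
bool pmap_change_allowed(const struct sockaddr_in *caller, uint16_t mapped_port)
{
    if (caller->sin_family != AF_INET || !caller_is_local(caller))
        return false;                  /* check 1: local machine only */
    if (port_is_protected(mapped_port) &&
        ntohs(caller->sin_port) >= RESERVED_LIMIT)
        return false;                  /* check 2: reserved port needs reserved source */
    return true;
}

/* Build a constructed caller address (sample data, not from the page). */
struct sockaddr_in make_caller(const char *ip, uint16_t src_port)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(src_port);
    inet_pton(AF_INET, ip, &sa.sin_addr);
    return sa;
}

int main(void)
{
    struct sockaddr_in c = make_caller("127.0.0.1", 40000); /* constructed */
    printf("local caller on port 40000, map 2049: %d\n", pmap_change_allowed(&c, NFS_PORT));
    return 0;
}
```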