Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Addendum to Rpcbind Advisory
From: wietse () WZV WIN TUE NL (Wietse Venema)
Date: Thu, 17 Jul 1997 13:00:02 -0400


Darn, I can't even go off the net anymore for a little eye surgery.
I will do nothing about this thing for several weeks, until I am
able to work at the screen for more than a few minutes at a time.

        Wietse

                    ######    ##   ##    ######
                    ##        ###  ##      ##
                    ######    ## # ##      ##
                        ##    ##  ###      ##
                    ###### .  ##   ## .  ######.

                         Secure Networks Inc.

                         Addendum to Advisory

                            July 8, 1997

                     Addendum to Rpcbind Advisory

This Addendum corrects a factual error in the previously distributed
advisory.

Problem Description
~~~~~~~~~~~~~~~~~~~

The released version of the advisory incorrectly states that Wieste
Venema's rpcbind replacement does not service queries sent to a
high-numbered udp port.

Technical Details
~~~~~~~~~~~~~~~~~

For a detailed description of the problem, please see the original
advisory, at http://www.secnet.com/...

Impact
~~~~~~

Wieste Venema's rpcbind replacement will service portmapper requests sent
to a high-numbered udp port.  However access control imposed by the rpcbind
replacement will behave normally, even for queries sent to that
high-numbered port.


Additional Information
~~~~~~~~~~~~~~~~~~~~~~

Past Secure Networks advisories can be found at
ftp://ftp.secnet.com/pub/advisories, and Secure Networks papers can be
found at ftp://ftp.secnet.com/pub/papers.

The error in the advisory was pointed out to us by Casper Dik,
Casper.Dik () holland sun com 

Wieste Venema's rpcbind can be obtained at ftp://ftp.win.tue.nl/pub/security.

Feel free to send responses and commments to sni () secnet com   If you
should wish to encrypt such traffic, please use the Secure Networks Inc.
key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzLaFzIAAAEEAKsVzPR7Y6oFN5VPE/Rp6Sm82oE0y6Mkuof8QzERV6taihn5
uySb31UeNJ4l6Ud9alOPT/0YdeOO9on6eD1iU8qumFxzO3TLm8nTAdZehQSAQfoa
rWmpwj7KpXN/3n+VyBWvhpBdKxe08SQN4ZjvV5HXy4YIrE5bTbgIhFKeVQANAAUR
tCVTZWN1cmUgTmV0d29ya3MgSW5jLiA8c25pQHNlY25ldC5jb20+iQCVAwUQM03n
27Tl3s+VYMi5AQHdGwP+N3hhILzzhSvhx1gj6ZElgsLa7Q1P3cTlc/Xqx50/wkcX
qIwiPudH+9UHvpL8fUNaHc9iZf3y8YZz0HWz56Vm5SG7uBfB/ksq4x04pQ65dQ1m
v51DYCvLG9u0jL4hC3Mz9WvIMANXqOUlAhuU1iy0wM41joE8aHdh2jsLHlB5qlSJ
AJUDBRAzTlbK/3eiMPDVSG0BAcTNA/9eF0X4Ei8LM4CXFW7JTB5vwXxerR6FmKI8
0JXt6KTrjGBzTfBrDGUZHNakPELjQPQI+fqg6hKJ7Ro1eSL4QbtX2BTO+wIWoLJG
hQmccKleuEK5N9vFgzvPTRknfkbqL1Ta7g3Z9tE8TQhFbj0x4yNFAPB/hOhVvY3s
YOkUx4T12A==
=ljNl
-----END PGP PUBLIC KEY BLOCK-----


Copyright Notice
~~~~~~~~~~~~~~~~

The contents of this advisory are Copyright (C) 1997 Secure Networks Inc,
and may be distributed freely provided that no fee is charged for
distribution, and that proper credit is given.





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault