Bugtraq: Re: [SNI-14]: Solaris rpcbind vulnerability

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: [SNI-14]: Solaris rpcbind vulnerability

From: oliverf () silence secnet com (Oliver Friedrichs)
Date: Thu, 5 Jun 1997 12:17:19 -0600


On Thu, 5 Jun 1997, Anthony C. Zboralski wrote:

Ok i checked from a remote location, a dear solaris 2.5.1 i have access
to and there isn't one but 6 ports being listened:


Thats one of the strange quirks in Solaris, ports are bound starting above
the 32xxx range (unless explicitly bound to a specified port).  Any
outgoing connection is also going to come from a port above 32xxx (TCP at
least).

The main problem was more of an illusion that if you were filtering port
111 you were safe.  This still doesn't protect you from direct RPC
scanning however, which will completely bypass rpcbind and portmap.

- Oliver

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
   Secure Networks Incorporated.  Calgary, Alberta, Canada, (403) 262-9211

By Date By Thread

Current thread:

[SNI-14]: Solaris rpcbind vulnerability Oliver Friedrichs (Jun 04)
- Re: [SNI-14]: Solaris rpcbind vulnerability Anthony C. Zboralski (Jun 04)
  - Re: [SNI-14]: Solaris rpcbind vulnerability C. v. Stuckrad (Jun 05)
  - Re: [SNI-14]: Solaris rpcbind vulnerability Oliver Friedrichs (Jun 05)
    - Re: [SNI-14]: Solaris rpcbind vulnerability Theo de Raadt (Jun 06)
    - Re: [SNI-14]: Solaris rpcbind vulnerability Alan Cox (Jun 06)
    - Re: [SNI-14]: Solaris rpcbind vulnerability Dmitry Kohmanyuk (Jun 06)
    - Re: [SNI-14]: Solaris rpcbind vulnerability Theo de Raadt (Jun 08)
- Sun Security Bulletin #00141 Aleph One (Jun 05)