Bugtraq
mailing list archives
Re: [SNI-14]: Solaris rpcbind vulnerability
From: jwa () JAMMED COM (James W. Abendschan)
Date: Fri, 6 Jun 1997 02:54:35 -0700
On Thu, 5 Jun 1997, I wrote:
When I saw this a few weeks ago on SNI's web page (it wasn't published
as an advisory, it was published as one of the checks their Ballista tool
performs) I was intrigued, so I sat down and spent some time trying
to exploit this.
By modifying rpcinfo.c to connect to port 32771 and changing the
PMAPPROC_DUMP stuff to work over UDP instead of TCP (clntudp_create),
you can get a nicely functional "over-the-packet-filter" rpc dump.
This client is available at
http://www.jammed.com/~jwa/Security/h_rpcinfo.tar.gz
James
--
James W. Abendschan jwa () jammed com
JAMMED Systems, Inc. http://www.jammed.com
"Turing," she said. "You are under arrest." -- William Gibson
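
A defensive check for the behaviour described in this message, as an added example that is not part of the original post or of the h_rpcinfo client: it parses UDP payloads as ONC RPC calls and flags portmapper (program 100000) requests addressed to any port other than 111. The function names and the sample datagrams are constructed for illustration, and the caller is assumed to supply each datagram's destination port and payload from a capture.

```python
import struct

PMAP_PROG = 100000          # portmapper / rpcbind program number
PMAP_PORT = 111             # the port a packet filter normally blocks
RPC_CALL, RPC_VERSION = 0, 2
# Portmap version 2 procedure names, used only to label findings.
PMAP_V2_PROCS = {0: "NULL", 1: "SET", 2: "UNSET", 3: "GETPORT", 4: "DUMP", 5: "CALLIT"}


def parse_rpc_call(payload: bytes):
    """Return (xid, prog, vers, proc) if payload is an ONC RPC call, else None."""
    if len(payload) < 40:   # 6 header words plus minimal credential and verifier
        return None
    xid, mtype, rpcvers, prog, vers, proc = struct.unpack("!6I", payload[:24])
    if mtype != RPC_CALL or rpcvers != RPC_VERSION:
        return None
    return xid, prog, vers, proc


def check_datagram(dst_port: int, payload: bytes):
    """Return a finding string for rpcbind calls sent to a port other than 111."""
    call = parse_rpc_call(payload)
    if call is None or call[1] != PMAP_PROG or dst_port == PMAP_PORT:
        return None
    xid, _, vers, proc = call
    name = PMAP_V2_PROCS.get(proc, f"proc {proc}")
    return f"rpcbind {name} (v{vers}, xid {xid:#x}) sent to UDP port {dst_port}, not {PMAP_PORT}"


def build_call(xid, prog, vers, proc):
    """Constructed sample: an RPC call with AUTH_NONE credential and verifier."""
    header = struct.pack("!6I", xid, RPC_CALL, RPC_VERSION, prog, vers, proc)
    return header + struct.pack("!4I", 0, 0, 0, 0)


# Constructed (destination port, UDP payload) pairs standing in for a capture.
SAMPLES = [
    (111, build_call(0x1001, PMAP_PROG, 2, 4)),    # DUMP to the normal port
    (32771, build_call(0x1002, PMAP_PROG, 2, 4)),  # DUMP to the high port named in the post
    (32771, build_call(0x1003, 100003, 3, 0)),     # RPC call to another program
    (32771, b"\x00\x01not rpc"),                   # unrelated short payload
]


def scan(samples):
    return [f for port, data in samples if (f := check_datagram(port, data))]

if __name__ == "__main__":
    for finding in scan(SAMPLES):
        print(finding)
```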