Bugtraq: Re: [SNI-14]: Solaris rpcbind vulnerability

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: [SNI-14]: Solaris rpcbind vulnerability

From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Fri, 6 Jun 1997 18:41:22 +0100

A bind() with sin.sin_port == 0 will return a random port in a range

1024.

We think this is a big win, though the bugs that are exploitable with
predictable port ranges are quite difficult to play with (and rare).


Theo, Linux does likewise  - and you also get a performance advantage. However
your explanation misses a problem - you may randomly assign port 6000 - which
is sort of a well known port for X windows

By Date By Thread

Current thread:

[SNI-14]: Solaris rpcbind vulnerability Oliver Friedrichs (Jun 04)
- Re: [SNI-14]: Solaris rpcbind vulnerability Anthony C. Zboralski (Jun 04)
  - Re: [SNI-14]: Solaris rpcbind vulnerability C. v. Stuckrad (Jun 05)
  - Re: [SNI-14]: Solaris rpcbind vulnerability Oliver Friedrichs (Jun 05)
    - Re: [SNI-14]: Solaris rpcbind vulnerability Theo de Raadt (Jun 06)
    - Re: [SNI-14]: Solaris rpcbind vulnerability Alan Cox (Jun 06)
    - Re: [SNI-14]: Solaris rpcbind vulnerability Dmitry Kohmanyuk (Jun 06)
    - Re: [SNI-14]: Solaris rpcbind vulnerability Theo de Raadt (Jun 08)
- Sun Security Bulletin #00141 Aleph One (Jun 05)
- Sun Security Bulletin #00142 Aleph One (Jun 05)
- Re: [SNI-14]: Solaris rpcbind vulnerability James W. Abendschan (Jun 05)