|
Bugtraq
mailing list archives
Re: [SNI-14]: Solaris rpcbind vulnerability
From: dk () GENESYSLAB COM (Dmitry Kohmanyuk)
Date: Fri, 6 Jun 1997 16:33:25 -0700
On Fri, Jun 06, 1997 at 06:41:22PM +0100, Alan Cox wrote:
A bind() with sin.sin_port == 0 will return a random port in a range
1024.
We think this is a big win, though the bugs that are exploitable with
predictable port ranges are quite difficult to play with (and rare).
Theo, Linux does likewise - and you also get a performance advantage. However
your explanation misses a problem - you may randomly assign port 6000 - which
is sort of a well known port for X windows
not if there is a way to specify _port ranges_ for random allocation.
on FreeBSD, those sysctl vars exist:
net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.first: 1024
net.inet.ip.portrange.last: 5000
net.inet.ip.portrange.hifirst: 40000
net.inet.ip.portrange.hilast: 44999
The port is allocated within appropriate one of these ranges.
Does OpenBSD have the same facility?
 By Date 
By Thread
Current thread:
- Re: [SNI-14]: Solaris rpcbind vulnerability, (continued)
Sun Security Bulletin #00141 Aleph One (Jun 05)
Sun Security Bulletin #00142 Aleph One (Jun 05)
Re: [SNI-14]: Solaris rpcbind vulnerability James W. Abendschan (Jun 05)
Re: [SNI-14]: Solaris rpcbind vulnerability James W. Abendschan (Jun 06)
|
Intro
