From: dube0866 () EUROBRETAGNE FR (Nicolas Dubee)
Date: Fri, 10 Apr 1998 15:09:33 +0100
Just for the record and as there's now a patch for this one, here is
the rpcbind feature under Solaris 2.5.x and 2.6.

When rpcbind terminates with a SIGTERM or SIGINT, it will flush the
current list of registered services to /tmp/portmap.file and
/tmp/rpcbind.file, without checking for symbolic links etc...
It can then be used to trash any file on the fs.

Note that this happens only when rpcbind is explicitly killed by root
with SIGTERM or SIGINT (rebooting or shutting down won't do it since
K??rpc sends a SIGKILL signal to rpcbind to prevent this behaviour).
dube0866 () eurobretagne fr
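
An added example, not part of the original post and not rpcbind's code: it contrasts a state-file dump that follows a symbolic link with one that refuses to, which is the check the post says is missing. The function names, the scratch directory under /tmp and the sample strings are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern the post describes: the write follows a symlink and truncates its target. */
static int dump_unsafe(const char *path, const char *buf) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0) return -1;
    ssize_t n = write(fd, buf, strlen(buf));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Hardened: O_CREAT|O_EXCL fails if the name exists at all, symlinks included. */
static int dump_safe(const char *path, const char *buf) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, buf, strlen(buf));
    close(fd);
    return n < 0 ? -1 : 0;
}

static long file_size(const char *p) {
    struct stat st;
    return stat(p, &st) == 0 ? (long)st.st_size : -1;
}

/* Constructed scenario in a private scratch directory: "state.file" is a symlink
   to "victim". Returns 0 when the safe dump is refused and the unsafe one clobbers. */
int run_demo(void) {
    char dir[] = "/tmp/dumpdemoXXXXXX", victim[64], state[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(state, sizeof state, "%s/state.file", dir);
    if (dump_unsafe(victim, "important data\n") != 0) return -1; /* 15 bytes */
    if (symlink(victim, state) != 0) return -1;
    int safe_rc = dump_safe(state, "service list\n");  /* refused: name exists */
    long after_safe = file_size(victim);               /* still 15 bytes */
    int unsafe_rc = dump_unsafe(state, "x\n");         /* follows the link */
    long after_unsafe = file_size(victim);             /* victim is now 2 bytes */
    unlink(state); unlink(victim); rmdir(dir);
    return (safe_rc == -1 && after_safe == 15 && unsafe_rc == 0 && after_unsafe == 2) ? 0 : 1;
}

int main(void) { return run_demo(); }
```

Writing such state into a directory only the daemon's user can write to removes the problem at its source; the exclusive-create flags are the fallback when a shared directory such as /tmp cannot be avoided.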