Bugtraq: Wietse's RPCBIND

Bugtraq mailing list archives

Wietse's RPCBIND

From: wietse () PORCUPINE ORG (Wietse Venema)
Date: Fri, 10 Apr 1998 15:26:47 -0400


"My" rpcbind (which is mostly SUN code) does:

        unlink(savefile);
        fopen(savefile);

Thus, the time window is small. Moreover, you get only one chance;
once rpcbind is gone, someone has to restart it by hand. I figure
that if you slow down the file system enough, and fill up the open
file table, there will be a way to sneak in.

The fix is to open the save file with the O_EXCL flag set. I'm
about to leave for a week. I'll see if I can get out an update
today, otherwise it will have to be a week later.

        Wietse

By Date By Thread

Current thread:

BSD coredumps follow symlinks Denis Papp (Mar 29)
- nmap -U <host> undetectable by netranger v2.0 Codex (Apr 01)
- portmap 4.0-8 DoS Michal Zalewski (Apr 01)
  - Re: portmap 4.0-8 DoS Peter van Dijk (Apr 07)
  - BSDI inetd crash Mark Schaefer (Apr 07)
    - Re: BSDI inetd crash FrontLine Assembly (Apr 08)
    - SGI O2 ipx security issue Fabrice Planchon (Apr 08)
    - BIND vulnerability test program.. Joshua J. Drake (Apr 10)
    - (Q) Sun Rpcbind problem. Chiaki Ishikawa (Apr 10)
    - Re: (Q) Sun Rpcbind problem. Casper Dik (Apr 10)
    - Wietse's RPCBIND Wietse Venema (Apr 10)
    - announce: weaken for netscape !! (fwd) Ken Williams (Apr 10)
    - Communicator exploits Fernand Portela (Apr 10)
    - Sun rpcbind Nicolas Dubee (Apr 10)
    - Re: Sun rpcbind Aaron Bornstein (Apr 10)
  - QW vulnerability Glenn F. Maynard (Apr 07)
  - AppleShare IP Mail Server Chris Wedgwood (Apr 08)
    - Re: AppleShare IP Mail Server David Luyer (Apr 08)
    - Re: AppleShare IP Mail Server James W. Abendschan (Apr 08)
- Geac ADVANCE library system security HOLE GAVRILIS DIMITR (Apr 02)
  - Re: Geac ADVANCE library system security HOLE Damian Kelly (Apr 04)

(Thread continues...)