Bugtraq mailing list archives

(Q) Sun Rpcbind problem.

From: Chiaki.Ishikawa () PERSONAL-MEDIA CO JP (Chiaki Ishikawa)
Date: Fri, 10 Apr 1998 20:31:14 +0900


X-PMC-CI-e-mail-id: 8013

Lately, there is an annoucement from Sun regarding security problem
with its rpcbind.

At the office, one of the solaris machine uses a rpcbind replacement:
part of the README is attached at the end.

Does anyone have an idea if I should upgrade to the Sun rpcbind, or
the replacement rpcbind is OK?

=== begin quote ====
README for rpcbind 1.1 on Fri Dec  9 17:34:12 MET 1994

Description
-----------

This is an rpcbind replacement with tcp wrapper style access control.
It provides a simple mechanism to discourage remote access to the NIS
(YP), NFS, and other rpc services.

Alas, the Solaris 2.4 rpcbind will still export file systems to the
world through proxy rpc.

This version is based on the freely-distributable tirpcsrc2.3 source
distribution, as offered for anonymous FTP from playground.sun.com.
According to the README:

    TIRPCSRC 2.3 29 Aug 1994

    This distribution contains SunSoft's implementation of
    transport-independent RPC (TI-RPC), External Data Representation
    (XDR), and various utilities and documentation.  These libraries
    and programs form the base of Open Network Computing (ONC), and are
    derived directly from the Solaris 2.3 source.

The program has undergone limited testing with SunOS 5.3 (Solaris 2.3).
It is obviously very compatible with Solaris 2.3. It will probably work
as well with earlier Solaris 2.x versions.

Features
--------

- host access control on IP addresses. The local host is considered
authorized. Host access control requires the libwrap.a library that
comes with recent tcp wrapper implementations.

- requests that are forwarded by the rpcbind process will be forwarded
through an unprivileged port.

- the rpcbind process refuses to forward requests to rpc daemons that
do (or should) verify the origin of the request: at present, the list
includes most of the calls to the NFS mountd/nfsd daemons and the NIS
daemons.

        [omission.]

Acknowledgements:
-----------------

Thanks to Robert Montjoy for helping with the port of my tirpcsrc1.0
patches to the tirpcsrc2.0 environment.

        Wietse Venema (wietse () wzv win tue nl)
        Mathematics and Computing
        Science Eindhoven University of Technology
        The Netherlands

=== end   quote ====

--
     Ishikawa, Chiaki        ishikawa () personal-media co jp.NoSpam  or
 (family name, given name) Chiaki.Ishikawa () personal-media co jp.NoSpam
    Personal Media Corp.      ** Remove .NoSpam at the end before use **
  Shinagawa, Tokyo, Japan 142

Current thread:

BSD coredumps follow symlinks Denis Papp (Mar 28)
- nmap -U <host> undetectable by netranger v2.0 Codex (Apr 01)
- portmap 4.0-8 DoS Michal Zalewski (Apr 01)
  - Re: portmap 4.0-8 DoS Peter van Dijk (Apr 07)
  - BSDI inetd crash Mark Schaefer (Apr 07)
    - Re: BSDI inetd crash FrontLine Assembly (Apr 08)
    - SGI O2 ipx security issue Fabrice Planchon (Apr 08)
    - BIND vulnerability test program.. Joshua J. Drake (Apr 09)
    - (Q) Sun Rpcbind problem. Chiaki Ishikawa (Apr 10)
    - Re: (Q) Sun Rpcbind problem. Casper Dik (Apr 10)
    - Wietse's RPCBIND Wietse Venema (Apr 10)
    - announce: weaken for netscape !! (fwd) Ken Williams (Apr 10)
    - Communicator exploits Fernand Portela (Apr 10)
    - Sun rpcbind Nicolas Dubee (Apr 10)
    - Re: Sun rpcbind Aaron Bornstein (Apr 10)
  - QW vulnerability Glenn F. Maynard (Apr 07)
  - AppleShare IP Mail Server Chris Wedgwood (Apr 07)
    - Re: AppleShare IP Mail Server David Luyer (Apr 07)
    - Re: AppleShare IP Mail Server James W. Abendschan (Apr 07)

(Thread continues...)