Re: SunRPC and slackware 3.4 and 3.5..

[vermont () GATE NET (Illuminatus Primus)]

Perhaps it's an exploit involving the sprintf()s in the nfs-server package
that were recently fixed.  The sprintf()s were in a section of code that
dealt with logging, and I believe were shared between mountd & nfsd.

The fixed package is available at
ftp://linux.mathematik.tu-darmstadt.de/pub/linux/people/okir/nfs-server-2.2beta36.tar.gz

In fact, looking back at Okir's message to Bugtraq, he says:
heres an update on the Linux unfsd hole. The problem (as most may
have found out by now looking at the diffs) was a buffer overrun in
the code that was supposed to log failed mount attempts :-/

This exploit might not be anything new.  It would help to know what
version of nfsd the cracked sites were running..

On Thu, 17 Sep 1998, Andrew Hobgood wrote:

> > There is apparently a un-released remote root exploit for slackware
> > 3.4-3.5 that involves sunrpc.
>
> The grapevine seems to indicate that it's a buffer overrun in rpc.mountd.
> Again, I can't verify the accuracy of this information.