[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

[linux-security] Re: portmap vulnerability?

From: Sam Quigley <osquigle cs uchicago edu>
To: linux-security redhat com
Subject: [linux-security] Re: portmap vulnerability?
Date: 06 Dec 1998 14:46:32 -0600

Sam Quigley <osquigle cs uchicago edu> writes:

> Are there any known vulnerabilities in portmap (redhat's
> portmap-4.0-7b)?  I've been receiving a lot of attempts to access the
> portmap port on some linuxppc machines I administer by various
> machines which clearly have no business with mine, and I wonder if
> this is an attempt to break in to my machines.
...
> I haven't yet looked at the source to see if there are any obvious
> problems with portmap (buffer overflows, etc.), but I suspect that
> there may be.
> 
> -sq

I actually now have reason to believe that these probes were part of
a search to find machines running mountd, in an attempt to exploit the
recently-publicized bugs in that code.

portmap itself doesn't seem to have been the target of the attack,
although on my machines that was how the attack manifested itself.

So this note becomes, rather, a warning to others that people are
actively attempting to exploit the mountd vulnerabilities: be careful.

-sq

References:
- portmap vulnerability?
  - From: Sam Quigley

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]