[linux-security] Re: portmap vulnerability?
- From: R E Wolff BitWizard nl (Rogier Wolff)
- To: lindsey ncsa uiuc edu (Christopher Lindsey)
- Cc: soonu sl-175-44 rh uchicago edu, linux-security redhat com
- Subject: [linux-security] Re: portmap vulnerability?
- Date: Wed, 9 Dec 1998 08:57:29 +0100 (MET)
Christopher Lindsey wrote:
> > Some versions of portmap would allow users to read/modify
> > their table or would forward requests as the local system. You
> > might just be getting attempts to try to exploit these holes. I
> > would probably disable the portmap daemon if you don't need it. Reading
> > the readme that comes with the package also gives more info on the
> > vulnerabilities that may be present.
>
> And of course if you must run portmap, use TCP wrappers to limit
> it to a certain range of hosts. Assuming that hosts.deny has

Actually, portmapper cannot run "behind" tcp wrappers. It opens
its port and waits for connections. However, it seems that modern
portmappers are linked with the library from tcpwrappers, so that
it takes the same config files as the tcpwrappers do. Nifty!

> ALL:ALL
>
> You can add an entry like
>
> portmap:199.198.24.0/255.255.255.0
>
> (assuming you're at redhat.com and want to limit RPC services to that
> IP block)...
>
> rpc.mountd can also be limited, but I don't know if that support
> is in the default RedHat binaries. You can always grab the source
> from
>
> ftp://linux.mathematik.tu-darmstadt.de/pub/linux/people/okir/
>
> Chris
>
Roger.
--
My pet light bulb is a year old today. \_________ R E Wolff BitWizard nl
That's 5.9*10^12 miles. Your mileage will NOT vary.\__Phone: +31-15-2137555
--(time <-> distance can be converted: lightspeed)-- \____ fax: ..-2138217
We write Linux device drivers for any device you may have! \_______________
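
The allow/deny decision discussed in this thread, as an added example that is not part of the original message: a simplified Python model of hosts_access(5) matching, run over constructed hosts.allow and hosts.deny contents that use the entries quoted above. It assumes IPv4 only and handles ALL, net/mask, address-prefix and exact-address patterns (no host names, no EXCEPT); the function names are this example's own.

```python
import ipaddress

# Constructed file contents, using the entries quoted in the thread.
HOSTS_DENY = "ALL:ALL\n"
HOSTS_ALLOW = "portmap:199.198.24.0/255.255.255.0\n"

def _entries(text):
    """Yield (daemon_list, client_list) pairs from hosts.allow/hosts.deny text."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        if not line or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]     # ignore optional shell command
        yield daemons.replace(",", " ").split(), clients.replace(",", " ").split()

def _client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if "/" in pattern:        # net/mask: matches when (addr AND mask) == net
        net, mask = pattern.split("/", 1)
        return int(addr) & int(ipaddress.IPv4Address(mask)) == int(ipaddress.IPv4Address(net))
    if pattern.endswith("."):                         # address prefix, e.g. "199.198."
        return str(addr).startswith(pattern)
    return pattern == str(addr)                       # exact address only

def _file_matches(text, daemon, addr):
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(_client_matches(c, addr) for c in clients)
        for daemons, clients in _entries(text)
    )

def access_granted(daemon, client_ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match means granted."""
    addr = ipaddress.IPv4Address(client_ip)
    if _file_matches(allow, daemon, addr):
        return True
    if _file_matches(deny, daemon, addr):
        return False
    return True

if __name__ == "__main__":
    for ip in ("199.198.24.17", "199.198.25.1"):
        print("portmap", ip, "granted" if access_granted("portmap", ip) else "denied")
```

Calling access_granted with an empty deny file shows why the ALL:ALL entry matters: without it, a client that matches nothing in hosts.allow is still granted access.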