Re: buffer overflows in rpc.statd?

From: Crist J. Clark (cjclark@reflexnet.net)
Date: 01/26/01

Next message: Gerald Pfeifer: "Re: Security Advisories and the Announcements page"
Previous message: Bruce Albrecht: "wierd ssh failure"
In reply to: David La Croix: "Re: buffer overflows in rpc.statd?"
Next in thread: Dan Debertin: "Re: buffer overflows in rpc.statd?"
Reply: Dan Debertin: "Re: buffer overflows in rpc.statd?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 26 Jan 2001 09:51:47 -0800
From: "Crist J. Clark" <cjclark@reflexnet.net>
To: David La Croix <dlacroix@cowpie.acm.vt.edu>

On Thu, Jan 25, 2001 at 12:04:32PM -0600, David La Croix wrote:

[snip]

> BTW... not that I know of any specific exploits for Rpc.* family servers,

For all RPCs across all architetures? Whoo. That'd be a long list of
well known exploits.

> but I would recommend setting up firewall rules to prevent anyone you
> don't trust from accessing those services (or any other services you
> might be paranoid about).

I wanted to point out that you cannot really 'block' RPC services
effectively with ipfw(8) rules. RPC services do not live on certain
well-known ports[0]. The only way you can effectively block RPC
services is with default deny rules.

This also is problematic if you for some insane reason wished to
allow access to a specific RPC service through a firewall. There is no
single set of ports to open up to let the traffic through. RPC proxies
would be the solution for that case.

[0] The major exception to this is the portmapper which lives at 111
TCP and UDP. It is the one that provides the RPC-number-to-port-number
map, and thus needs to be someplace where you can find it. Another
exception to this rule is NFS which pretty much always lives on 2049
TCP or UDP.

-- 
Crist J. Clark                           cjclark@alum.mit.edu
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Next message: Gerald Pfeifer: "Re: Security Advisories and the Announcements page"
Previous message: Bruce Albrecht: "wierd ssh failure"
In reply to: David La Croix: "Re: buffer overflows in rpc.statd?"
Next in thread: Dan Debertin: "Re: buffer overflows in rpc.statd?"
Reply: Dan Debertin: "Re: buffer overflows in rpc.statd?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: SBS2003 Outlook HTTP/RPC not working
... You've rerun the CEICW and you've gone into connectcomputer and you've followed the Outlook over http instructions on the workstation? ... Painstakingly going through all of the manual verification and diagnostics documented in every KB article I found on the subject including the document "Microsoft Exchange Server 2003 RPC over HTTP Deployment ... Again, other than telling me the obvious that it does not connect to the RPC services, it reveals nothing of substance. ...
(microsoft.public.windows.server.sbs)
Re: Windows 2003 Domain Controller (Open Port 593)
... says placing a DC so firewall separates it from its members is not ... any RPC functionality. ... those would require access to port 135 and subsequent access to the higher ... order ports assigned by RPC to those RPC services. ...
(microsoft.public.windows.server.security)
Re: Windows 2003 Domain Controller (Open Port 593)
... any RPC functionality. ... those would require access to port 135 and subsequent access to the higher ... order ports assigned by RPC to those RPC services. ... want the DC to sit behind an ISA server on its own segment. ...
(microsoft.public.windows.server.security)
Re: rpc shutdown (MSBLAST) behaviour I havent seen before, please help
... first of all go to the RPC services and set them so that the services shut ... > I have dealt with the blaster worm virus and it's variants several times ... > If I attempt to patch the computer I get the runtime error mentioned above ...
(microsoft.public.windowsxp.general)