Re: [lug-nuts] Redhat 6.0 securty problem

From: Mike Machado (mike@innercite.com)
Date: Wed Dec 08 1999 - 17:30:37 PST

Next message: Michael Long: "Re: [lug-nuts] Redhat 6.0 securty problem"
Previous message: M1Nine: "Re: [lug-nuts] Redhat 6.0 securty problem"
In reply to: M1Nine: "Re: [lug-nuts] Redhat 6.0 securty problem"
Next in thread: Michael Long: "Re: [lug-nuts] Redhat 6.0 securty problem"
Reply: Michael Long: "Re: [lug-nuts] Redhat 6.0 securty problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

M1Nine wrote:
>
> Rick Johnson wrote:
>
> > What kind of problem did you find? I haven't seen anything related show up
> > on mailing lists yet. (except this one of course.)
> >
> > Rick
> >
> > --
> > ===========================================================
> > Rick Johnson Voicemail: 530.325.5200
> > rick@pointman.org Fax: 530.325.5200
> > http://www.pointman.org AIM: rsjohn01
> > ===========================================================
> >
> > It really is too bad Microsoft doesn't also sell a vacuum cleaner, for I'm
> > convinced it would be their only product that doesn't suck.
> >
> > On Wed, 8 Dec 1999, Mike Machado wrote:
> >
> > > If you run a redhat 6.0 machine on the net you may be vulnerable. I have
> > > found a possible problem the the portmapper service that runs on tcp
> > > 111. If you do not need nfs services I would reccommend turning it off
> > > along with the kernel nfsd.
> > >
> > >
> > > --
> > > Mike Machado
> > > mike@innercite.com
> > > InnerCite
> > > Network Specialist
> > > ****************************************************************************
> > > * To UNSUBSCRIBE from the list, send a message with "unsubscribe lug-nuts"
> > > * in the message body to majordomo@saclug.org. Please direct other
> > > * questions, comments, or problems to lug-nuts-owner@saclug.org.
> > >
> >
> > ****************************************************************************
> > * To UNSUBSCRIBE from the list, send a message with "unsubscribe lug-nuts"
> > * in the message body to majordomo@saclug.org. Please direct other
> > * questions, comments, or problems to lug-nuts-owner@saclug.org.
>
> Mike, could you explain the details.
>

I have yet to find the exploit code, but it appears as if the portmapper
service had a buffer overflow.
You should turn off any rpc stuff or at lease filter these ports at a
firewall if you have one.

> Thanks
> Andrew
>
> ****************************************************************************
> * To UNSUBSCRIBE from the list, send a message with "unsubscribe lug-nuts"
> * in the message body to majordomo@saclug.org. Please direct other
> * questions, comments, or problems to lug-nuts-owner@saclug.org.

-- 
Mike Machado
mike@innercite.com
InnerCite
Network Specialist
****************************************************************************
* To UNSUBSCRIBE from the list, send a message with "unsubscribe lug-nuts"
* in the message body to majordomo@saclug.org. Please direct other
* questions, comments, or problems to lug-nuts-owner@saclug.org.

Next message: Michael Long: "Re: [lug-nuts] Redhat 6.0 securty problem"
Previous message: M1Nine: "Re: [lug-nuts] Redhat 6.0 securty problem"
In reply to: M1Nine: "Re: [lug-nuts] Redhat 6.0 securty problem"
Next in thread: Michael Long: "Re: [lug-nuts] Redhat 6.0 securty problem"
Reply: Michael Long: "Re: [lug-nuts] Redhat 6.0 securty problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Fri Feb 25 2000 - 14:29:08 PST