Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 26 Jan 2001 09:51:47 -0800
From:      "Crist J. Clark" <cjclark@reflexnet.net>
To:        David La Croix <dlacroix@cowpie.acm.vt.edu>
Cc:        "Scot W. Hetzel" <hetzels@westbend.net>, freebsd-security@FreeBSD.ORG
Subject:   Re: buffer overflows in rpc.statd?
Message-ID:  <20010126095147.A66394@rfx-216-196-73-168.users.reflex>
In-Reply-To: <200101251804.NAA00434@cowpie.acm.vt.edu>; from dlacroix@cowpie.acm.vt.edu on Thu, Jan 25, 2001 at 12:04:32PM -0600
References:  <026c01c086f6$c2c151e0$7d7885c0@genroco.com> <200101251804.NAA00434@cowpie.acm.vt.edu>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Thu, Jan 25, 2001 at 12:04:32PM -0600, David La Croix wrote:

[snip]

> BTW... not that I know of any specific exploits for Rpc.* family servers,

For all RPCs across all architetures? Whoo. That'd be a long list of
well known exploits.

> but I would recommend setting up firewall rules to prevent anyone you 
> don't trust from accessing those services (or any other services you 
> might be paranoid about). 

I wanted to point out that you cannot really 'block' RPC services
effectively with ipfw(8) rules. RPC services do not live on certain
well-known ports[0]. The only way you can effectively block RPC
services is with default deny rules.

This also is problematic if you for some insane reason wished to
allow access to a specific RPC service through a firewall. There is no
single set of ports to open up to let the traffic through. RPC proxies
would be the solution for that case.

[0] The major exception to this is the portmapper which lives at 111
TCP and UDP. It is the one that provides the RPC-number-to-port-number
map, and thus needs to be someplace where you can find it. Another
exception to this rule is NFS which pretty much always lives on 2049
TCP or UDP.
-- 
Crist J. Clark                           cjclark@alum.mit.edu


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010126095147.A66394>