[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: easy DoS in most RPC apps

To: BUGTRAQ@NETSPACE.ORG
Subject: Re: easy DoS in most RPC apps
From: Scott Stone <sstone@UME.PHT.CO.JP>
Date: Mon, 18 May 1998 01:29:26 +0900
Approved-By: aleph1@NATIONWIDE.NET
In-Reply-To: <3.0.3.32.19980517114943.00b8b700@mindspring.com>
Reply-To: Scott Stone <sstone@UME.PHT.CO.JP>
Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>

On Sun, 17 May 1998, David LeBlanc wrote:

> At 02:35 AM 5/15/98 +0200, Peter van Dijk wrote:
> >Finally, I'm quite sure of this: the bug is in Sun's RPC code.
> >Investigations show Linux, FreeBSD, SunOS, System V and NeXTstep machines
> >are affected, which means we've got a _big_ problem here.
>
> If that's the case, then any ports of these utilities running on Windows NT
> would also exhibit the same problem - we're all running off of pretty much
> the same Sun ONC RPC code.
>

The FreeBSD people have already made a patch for this, check their home
site.  I'm going to attempt to port the patch to Linux, as the base code
should be about the same.. the fix is to a couple of rpc-related files in
the C libraries.

--------------------------------------------------
Scott M. Stone <sstone@pht.com, sstone@turbolinux.com>
               <sstone@pht.co.jp>
Linux Developer/Systems Administrator for Pacific HiTech, Inc.
http://www.pht.com              http://armadillo.pht.co.jp
http://www.pht.co.jp            http://www.turbolinux.com

Follow-Ups:
- Re: easy DoS in most RPC apps
  - From: Bill Paul <wpaul@CTR.COLUMBIA.EDU>

References:
- Re: easy DoS in most RPC apps
  - From: David LeBlanc <dleblanc@MINDSPRING.COM>

Prev by Date: Re: easy DoS in most RPC apps
Next by Date: Re: easy DoS in most RPC apps
Prev by thread: Re: easy DoS in most RPC apps
Next by thread: Re: easy DoS in most RPC apps
Index(es):
- Date
- Thread