Re: [SNI-14]: Solaris rpcbind vulnerability

Alan Cox (alan@LXORGUK.UKUU.ORG.UK)
Fri, 06 Jun 1997 18:41:22 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Dmitry Kohmanyuk: "Re: [SNI-14]: Solaris rpcbind vulnerability"
Previous message: Theo de Raadt: "Re: [SNI-14]: Solaris rpcbind vulnerability"
Maybe in reply to: Oliver Friedrichs: "[SNI-14]: Solaris rpcbind vulnerability"
Next in thread: Dmitry Kohmanyuk: "Re: [SNI-14]: Solaris rpcbind vulnerability"

> A bind() with sin.sin_port == 0 will return a random port in a range
> > 1024.
> We think this is a big win, though the bugs that are exploitable with
> predictable port ranges are quite difficult to play with (and rare).

Theo, Linux does likewise - and you also get a performance advantage. However
your explanation misses a problem - you may randomly assign port 6000 - which
is sort of a well known port for X windows

Next message: Dmitry Kohmanyuk: "Re: [SNI-14]: Solaris rpcbind vulnerability"
Previous message: Theo de Raadt: "Re: [SNI-14]: Solaris rpcbind vulnerability"
Maybe in reply to: Oliver Friedrichs: "[SNI-14]: Solaris rpcbind vulnerability"
Next in thread: Dmitry Kohmanyuk: "Re: [SNI-14]: Solaris rpcbind vulnerability"