From owner-freebsd-security Fri Jan 26 9:52: 3 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82])
    by hub.freebsd.org (Postfix) with ESMTP id E0B5437B402
    for ; Fri, 26 Jan 2001 09:51:43 -0800 (PST)
Received: from rfx-216-196-73-168.users.reflexcom.com ([216.196.73.168])
    by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19);
    Fri, 26 Jan 2001 09:49:49 -0800
Received: (from cjc@localhost)
    by rfx-216-196-73-168.users.reflexcom.com (8.11.1/8.11.1) id f0QHpmh66612;
    Fri, 26 Jan 2001 09:51:48 -0800 (PST) (envelope-from cjc)
Date: Fri, 26 Jan 2001 09:51:47 -0800
From: "Crist J. Clark"
To: David La Croix
Cc: "Scot W. Hetzel" , freebsd-security@FreeBSD.ORG
Subject: Re: buffer overflows in rpc.statd?
Message-ID: <20010126095147.A66394@rfx-216-196-73-168.users.reflex>
Reply-To: cjclark@alum.mit.edu
References: <026c01c086f6$c2c151e0$7d7885c0@genroco.com> <200101251804.NAA00434@cowpie.acm.vt.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <200101251804.NAA00434@cowpie.acm.vt.edu>; from dlacroix@cowpie.acm.vt.edu on Thu, Jan 25, 2001 at 12:04:32PM -0600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Jan 25, 2001 at 12:04:32PM -0600, David La Croix wrote:

[snip]

> BTW... not that I know of any specific exploits for Rpc.* family servers,

For all RPCs across all architectures? Whoo. That'd be a long list of
well known exploits.

> but I would recommend setting up firewall rules to prevent anyone you
> don't trust from accessing those services (or any other services you
> might be paranoid about).

I wanted to point out that you cannot really 'block' RPC services
effectively with ipfw(8) rules. RPC services do not live on certain
well-known ports[0]. The only way you can effectively block RPC
services is with default deny rules.
This also is problematic if you for some insane reason wished to allow
access to a specific RPC service through a firewall. There is no
single set of ports to open up to let the traffic through. RPC proxies
would be the solution for that case.

[0] The major exception to this is the portmapper which lives at 111
TCP and UDP. It is the one that provides the RPC-number-to-port-number
map, and thus needs to be someplace where you can find it. Another
exception to this rule is NFS which pretty much always lives on 2049
TCP or UDP.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
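
The point made in the message above, as an added example that is not part of the original message: a deny-list written against the ports one `rpcinfo -p` listing shows stops covering rpc.statd once it rebinds, while a default-deny policy does not depend on the port. The listings, the port numbers, the ssh-only allow-list and all function names are constructed for illustration, and the filter is a simplified model, not ipfw(8) itself.

```python
# Constructed `rpcinfo -p` listings for one host across two boots (not real captures).
BOOT_1 = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   1011  status
    100024    1   tcp   1022  status
    100003    2   udp   2049  nfs
"""
# Second boot: rpc.statd ("status") was handed different ports by the portmapper.
BOOT_2 = BOOT_1.replace("1011", "998").replace("1022", "1015")

def parse_rpcinfo(text):
    """Map (service, proto) -> port from `rpcinfo -p` style output."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0].isdigit():   # skips the header row
            _prog, _vers, proto, port, name = fields
            table[(name, proto)] = int(port)
    return table

def reachable(services, default, rules):
    """Services an outside host can reach under a simplified packet filter.

    default="allow": `rules` lists denied (proto, port) pairs (deny-list).
    default="deny":  `rules` lists allowed (proto, port) pairs (allow-list).
    """
    hit = {key for key, port in services.items() if (key[1], port) in rules}
    return hit if default == "deny" else set(services) - hit

def blocklist_for(services):
    """Deny rules written against the ports seen in one listing."""
    return {(proto, port) for (_name, proto), port in services.items()}

def demo():
    boot1, boot2 = parse_rpcinfo(BOOT_1), parse_rpcinfo(BOOT_2)
    deny = blocklist_for(boot1)      # rules written while looking at boot 1
    allow = {("tcp", 22)}            # assumption: only ssh is meant to be public
    return {
        "blocklist_boot1": reachable(boot1, "allow", deny),
        "blocklist_boot2": reachable(boot2, "allow", deny),
        "default_deny_boot2": reachable(boot2, "deny", allow),
    }

if __name__ == "__main__":
    for name, exposed in demo().items():
        print(name, sorted(exposed))
```

Only the portmapper and NFS entries stay covered by the deny-list across boots, which matches the two exceptions named in footnote [0].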