Re: [Fwd: mountd remote exploit?]

New Message	Reply	About this list	Date view	Thread view	Subject view	Author view	Attachment view

From: Olaf Kirch (okir@monad.swb.de)
Date: 09/29/98-01:33:36 PM Z

Next message: Carl Beame: "Re: locking errors"
Previous message: Brent Callaghan: "Re: Comments on draft-ietf-nfsv4-requirements-01"
In reply to: Mike Eisler: "Re: [Fwd: mountd remote exploit?]"

Message-Id: <m0zO4ae-000AyGC@monad.swb.de>
Subject: Re: [Fwd: mountd remote exploit?] 
Date: Tue, 29 Sep 1998 20:33:36 +0200
From: Olaf Kirch <okir@monad.swb.de>

On Tue, 29 Sep 1998 08:30:38 PDT, Mike Eisler wrote:
> I don't know the details, but this was either a buffer overflow and/or
> a hole resulting from the  exporting of a subset of the root file system.

To shed some light on this: this was indeed a stupid buffer overflow
introduced by a `security feature' (i.e. logging failed mount requests).

> The protocol cannot really address either.

Amen.

Olaf
-- 
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax

Next message: Carl Beame: "Re: locking errors"
Previous message: Brent Callaghan: "Re: Comments on draft-ietf-nfsv4-requirements-01"
In reply to: Mike Eisler: "Re: [Fwd: mountd remote exploit?]"

New Message	Reply	About this list	Date view	Thread view	Subject view	Author view	Attachment view

This archive was generated by hypermail 2.1.2 : 03/04/05-01:46:26 AM Z CST