Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 08 Jul 2014 13:55:33 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Summer bug cleaning - rpcbind -h option

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

And an RPC one (and possibly other NFS utils):

https://bugzilla.redhat.com/show_bug.cgi?id=852282
CVE-2012-3541 rpcbind: -h fails to control access to rpcbind

I'm guessing nobody noticed or cares much because people use firewalls
to control access to ports, not internal -h or whatever flags. The
reason rpcbind qualifies for a CVE is it exposes rpcbind on interfaces
against the direct configuration it was given (e.g. if you tell it to
listen to localhost only it would expose itself to the world).

- -- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTvEy1AAoJEBYNRVNeJnmTQawP/iwQtCl3INhkkENSif1rrfz0
5A8n7zJhYF5qf9IbAevd7aJwFEBL6j5zvLXg/QALZeMGGE+0gqyUjvIpsR+tmgsZ
kUm+6dia4zVNZVFli2RfTrcYf+dtC+TP+IkNCkfATk8hwgkzBr97JQ0q1S6ygmfZ
urCIHHYAtTHl3C+05/LUKGjmBTDHeTMbxJLf3j4JgSxqee/OyA4b3WVH3jbv5jue
o4i8U85OnuICmrR11/HCbG3Kii7DN1hYP1eobDdGjKeCzwiJyByeQoGQ3dwjqjT8
/XdOzuDXb5xLAzSisAbsPkIfRdQz4+LQCZd8g3xs4KsIfWMRXB7UsBOn2FuIoAKx
l784ypilTFyiWMirbzNKYQE14vZkCBwqLRH3y6Ac0Tv4/DFvsdfSEYjI7OoaLcaK
DRco4laV1xOwEcK5B/3jSRq0dbl38raFfRVnufoCBWAVhiYF18yEXYArP2jSZTLh
okemjN5+LgHkjCa+ArSlXt4c+XQnF1yS7PFYdXzTCpS+XtRbIqlL+ynpQwClAEDd
sHI7sgozcR7Z/AkfFLm0p2+OuebFMxfddGlsxcuy85REd1S3hFGmR1tyfnhfye+b
rMYEeJQWDJqycbUCv2GKUtSZUDau3NgLkdAUFoxbktcHrTh9rSUoxkhsiUsjnrHf
ysMM1GM1CkZLH6HVKSGp
=He5z
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.