Package: portmap
Version: 5-9
Severity: grave
Tags: security
Justification: user security hole


The following hosts.deny

# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
#                  See the manual pages hosts_access(5), hosts_options(5)
#                  and /usr/doc/netbase/portmapper.txt.gz
#
# Example:    ALL: some.host.name, .some.domain
#             ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper. See portmap(8)
# and /usr/doc/portmap/portmapper.txt.gz for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.

# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID
ALL: ALL

plus hosts.allow

# /etc/hosts.allow: list of hosts that are allowed to access the system.
#                   See the manual pages hosts_access(5), hosts_options(5)
#                   and /usr/doc/netbase/portmapper.txt.gz
#
# Example:    ALL: LOCAL @some_netgroup
#             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper, as well as for
# rpc.mountd (the NFS mount daemon). See portmap(8), rpc.mountd(8) and 
# /usr/share/doc/portmap/portmapper.txt.gz for further information.
#

does not block rpcinfo -p, which returns the following:

   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    1   udp  32771  nlockmgr
    100021    3   udp  32771  nlockmgr
    100021    4   udp  32771  nlockmgr
    100021    1   tcp  35096  nlockmgr
    100021    3   tcp  35096  nlockmgr
    100021    4   tcp  35096  nlockmgr
    100005    1   udp    703  mountd
    100005    1   tcp    706  mountd
    100005    2   udp    703  mountd
    100005    2   tcp    706  mountd
    100005    3   udp    703  mountd
    100005    3   tcp    706  mountd
    391002    2   tcp    920  sgi_fam
    100024    1   udp    927  status
    100024    1   tcp    930  status

I have tried restarting the portmap daemon and inetd after making the 
hosts.deny/allow changes but that has no effect (as it should be; the 
changes to hosts.x files are supposed to be enough).

strings /sbin/portmap | grep hosts returns the following:

hosts_ctl

strings /lib/libwrap.so.0 | grep hosts returns:

hosts_allow_table
hosts_deny_table
hosts_access_verbose
hosts_access
hosts_ctl
/etc/hosts.allow
/etc/hosts.deny
@(#) hosts_access.c 1.21 97/02/12 02:13:22
@(#) hosts_ctl.c 1.4 94/12/28 17:42:27

So apparently there is some problem with portmap's use of libwrap0.

I am happy to provide further information.  I noticed a closed with 'it 
doesn't happen here' bug #84700 which appears to be the same complaint, 
albeit with less detail.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (10, 'testing'), (7, 'unstable'), (3, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.15-1-k7
Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1)

Versions of packages portmap depends on:
ii  libc6                         2.3.5-13   GNU C Library: Shared libraries an
ii  libwrap0                      7.6.dbs-8  Wietse Venema's TCP wrappers libra

-- no debconf information
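
An added example, not part of the original report and not code from portmap or libwrap: a small Python evaluator for a subset of hosts_access(5) rules (ALL, exact IPv4 address, "n.n." prefix, net/mask), showing the decision the two files quoted in the report are expected to produce for the daemon name "portmap". The function names and the client addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

# Constructed inputs: the only active rule in the report's hosts.deny, and its
# hosts.allow, which contains comments only.
HOSTS_DENY = "# ALL: PARANOID\nALL: ALL\n"
HOSTS_ALLOW = "# /etc/hosts.allow: list of hosts that are allowed to access the system.\n#\n"

def parse_rules(text):
    """Return (daemons, clients) token lists for each non-comment rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = (f.replace(",", " ").split() for f in line.split(":")[:2])
        if "EXCEPT" in daemons + clients:
            raise ValueError("EXCEPT is outside this subset: " + line)
        rules.append((daemons, clients))
    return rules

def client_matches(pattern, addr):
    """Match ALL, an exact IPv4 address, a 'n.n.' prefix, or net/mask."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return addr.startswith(pattern)
    if "/" in pattern:
        try:
            return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    return pattern == addr

def any_rule_matches(rules, daemon, addr):
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, addr) for c in clients)
        for daemons, clients in rules
    )

def expected_decision(allow_text, deny_text, daemon, addr):
    """hosts_access(5) order: hosts.allow match grants, then hosts.deny match
    denies, and a client matching neither file is granted."""
    if any_rule_matches(parse_rules(allow_text), daemon, addr):
        return "allow"
    if any_rule_matches(parse_rules(deny_text), daemon, addr):
        return "deny"
    return "allow"

if __name__ == "__main__":
    print(expected_decision(HOSTS_ALLOW, HOSTS_DENY, "portmap", "192.0.2.10"))
```

Comparing this expected decision with what a query from the same client address actually returns is the check the report describes.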

