Package: nfs-kernel-server Version: 1:1.1.6-1 Severity: important Tags: security
How to reproduce: echo "mountd statd portmap lockd: ALL" >> /etc/hosts.deny # the second line is acually not needed, but shows that the problem is # not a wrong service name echo "32767: ALL" >> /etc/hosts.deny telnet servername 32767 The connection is accepted without being immediately closed and no error is logged to daemon.*. strace shows that the /etc/hosts.* files are not opened and that any input provided to the telnet process is received by the daemon. It would also be a good idea to add support to the daemon to bind to localhost, portmap style, since this is enough for NFSv4. -- ciao, Marco
signature.asc
Description: Digital signature
