On Thu, 2009-06-04 at 03:11 +0200, Marco d'Itri wrote: > Package: nfs-kernel-server > Version: 1:1.1.6-1 > Severity: important > Tags: security > > How to reproduce: > > echo "mountd statd portmap lockd: ALL" >> /etc/hosts.deny > # the second line is acually not needed, but shows that the problem is > # not a wrong service name > echo "32767: ALL" >> /etc/hosts.deny > > telnet servername 32767
Port number 32767 is meaningless since SunRPC ports are dynamically assigned. You'll need to look at 'rpcinfo -p' to see which service is on which port, then specify which *service* is not being wrapped. So far as I can see, rpc.mountd is using libwrap0 while the NFS server is not because, er, it's in the kernel. What do you expect? Ben. -- Ben Hutchings Once a job is fouled up, anything done to improve it makes it worse.
signature.asc
Description: This is a digitally signed message part
