[Secure-testing-team] Bug#531785: tcp-wrappers support not working
Marco d'Itri
md at linux.it
Thu Jun 4 01:11:51 UTC 2009
Package: nfs-kernel-server
Version: 1:1.1.6-1
Severity: important
Tags: security
How to reproduce:
echo "mountd statd portmap lockd: ALL" >> /etc/hosts.deny
# the second line is acually not needed, but shows that the problem is
# not a wrong service name
echo "32767: ALL" >> /etc/hosts.deny
telnet servername 32767
The connection is accepted without being immediately closed and no error
is logged to daemon.*.
strace shows that the /etc/hosts.* files are not opened and that any
input provided to the telnet process is received by the daemon.
It would also be a good idea to add support to the daemon to bind to
localhost, portmap style, since this is enough for NFSv4.
--
ciao,
Marco
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20090604/688b85a8/attachment.pgp>
More information about the Secure-testing-team
mailing list