`Subject: Auditing for RPC vulnerabilities? Use BASS
To: [email protected]
On Wed, Sep 01, 1999 at 09:44:26PM -0400, Fyodor wrote:
> Further, it can be painful to locate and 'rpcinfo' every host on a
> large network.
BASS includes RPC support, and was designed with bulk in mind (It was
developed for the Internet Auditing Project). It will only take a few
minutes of trivial effort to update the scanner (I might just do it
myself). Besides being a bit out of date, it's well suited for the
task.
RPC support is based on portmapper, however, so you won't fare well
if the network is behind a firewall.
You can grab it at:
http://www.securityfocus.com/data/tools/network/bass-1.0.7.tar.gz
BTW, unless you're running a Linux libc5 (our original development
system), you'll need to apply the bugfix patches posted on Bugtraq a
few weeks ago (Yes, a new version *is* in order).
Fyodor's nmap, especially with RPC support, is really an excellent tool.
However, with nmap:
1) It may take a while to comprehensively scan a very large network.
2) It merely detects the presence of a service, and does not test for
vulnerability (by attempting an overflow and evaluating the
response, or the lack of one).
Cheers,
Liraz
`