Search...

rpc_vulnerability.txt

1999-09-19T00:00:00

ID PACKETSTORM:15637
Type packetstorm
Reporter Packet Storm
Modified 1999-09-19T00:00:00

Description

                                        
                                            `Subject: Auditing for RPC vulnerabilities? Use BASS  
To: BUGTRAQ@SECURITYFOCUS.COM   
  
  
On Wed, Sep 01, 1999 at 09:44:26PM -0400, Fyodor wrote:  
  
  
&gt; Further, it can be painful to locate and 'rpcinfo' every host on a  
&gt; large network.  
  
  
BASS includes RPC support, and was designed with bulk in mind (It was  
developed for the Internet Auditing Project). It will only take a few  
minutes of trivial effort to update the scanner (I might just do it  
myself). Besides being a bit out of date, it's well suited for the  
task.  
  
  
RPC support is based on portmapper however, so you won't fair well  
if the network is behind a firewall.  
  
  
You can grab it at:  
http://www.securityfocus.com/data/tools/network/bass-1.0.7.tar.gz  
  
  
BTW, Unless you're running a Linux libc5 (our original development  
system), you'll need to apply the bugfix patches posted on Bugtraq a  
few weeks ago (Yes, a new version *is* in order).  
  
  
Fyodor's nmap, especially with RPC support is really an excellent tool.  
However, with nmap:  
1) It may take a while to comprehensively scan a very large network.  
2) It merely detects the presence of a service, and does not test for  
vulnerability (by attempting an overflow and evaluating the  
response, or the lack of one).  
  
  
Cheers,  
Liraz  
`

JSON Vulners Source

Initial Source

{"id": "PACKETSTORM:15637", "type": "packetstorm", "bulletinFamily": "exploit", "title": "rpc_vulnerability.txt", "description": "", "published": "1999-09-19T00:00:00", "modified": "1999-09-19T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/15637/rpc_vulnerability.txt.html", "reporter": "Packet Storm", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:27:38", "viewCount": 1, "enchantments": {"score": {"value": -0.1, "vector": "NONE", "modified": "2016-11-03T10:27:38", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-03T10:27:38", "rev": 2}, "vulnersScore": -0.1}, "sourceHref": "https://packetstormsecurity.com/files/download/15637/rpc_vulnerability.txt", "sourceData": "`Subject: Auditing for RPC vulnerabilities? Use BASS \nTo: BUGTRAQ@SECURITYFOCUS.COM \n \n \nOn Wed, Sep 01, 1999 at 09:44:26PM -0400, Fyodor wrote: \n \n \n> Further, it can be painful to locate and 'rpcinfo' every host on a \n> large network. \n \n \nBASS includes RPC support, and was designed with bulk in mind (It was \ndeveloped for the Internet Auditing Project). It will only take a few \nminutes of trivial effort to update the scanner (I might just do it \nmyself). Besides being a bit out of date, it's well suited for the \ntask. \n \n \nRPC support is based on portmapper however, so you won't fair well \nif the network is behind a firewall. \n \n \nYou can grab it at: \nhttp://www.securityfocus.com/data/tools/network/bass-1.0.7.tar.gz \n \n \nBTW, Unless you're running a Linux libc5 (our original development \nsystem), you'll need to apply the bugfix patches posted on Bugtraq a \nfew weeks ago (Yes, a new version *is* in order). \n \n \nFyodor's nmap, especially with RPC support is really an excellent tool. \nHowever, with nmap: \n1) It may take a while to comprehensively scan a very large network. \n2) It merely detects the presence of a service, and does not test for \nvulnerability (by attempting an overflow and evaluating the \nresponse, or the lack of one). \n \n \nCheers, \nLiraz \n`\n"}