Search...

rpc_vulnerability.txt

1999-09-19T00:00:00

ID PACKETSTORM:15637
Type packetstorm
Reporter Packet Storm
Modified 1999-09-19T00:00:00

Description

                                        
                                            `Subject: Auditing for RPC vulnerabilities? Use BASS  
To: BUGTRAQ@SECURITYFOCUS.COM   
  
  
On Wed, Sep 01, 1999 at 09:44:26PM -0400, Fyodor wrote:  
  
  
&gt; Further, it can be painful to locate and 'rpcinfo' every host on a  
&gt; large network.  
  
  
BASS includes RPC support, and was designed with bulk in mind (It was  
developed for the Internet Auditing Project). It will only take a few  
minutes of trivial effort to update the scanner (I might just do it  
myself). Besides being a bit out of date, it's well suited for the  
task.  
  
  
RPC support is based on portmapper however, so you won't fair well  
if the network is behind a firewall.  
  
  
You can grab it at:  
http://www.securityfocus.com/data/tools/network/bass-1.0.7.tar.gz  
  
  
BTW, Unless you're running a Linux libc5 (our original development  
system), you'll need to apply the bugfix patches posted on Bugtraq a  
few weeks ago (Yes, a new version *is* in order).  
  
  
Fyodor's nmap, especially with RPC support is really an excellent tool.  
However, with nmap:  
1) It may take a while to comprehensively scan a very large network.  
2) It merely detects the presence of a service, and does not test for  
vulnerability (by attempting an overflow and evaluating the  
response, or the lack of one).  
  
  
Cheers,  
Liraz  
`

JSON Vulners Source

Initial Source

{"reporter": "Packet Storm", "enchantments": {"score": {"value": -0.1, "vector": "NONE", "modified": "2016-11-03T10:27:38"}, "dependencies": {"references": [], "modified": "2016-11-03T10:27:38"}, "vulnersScore": -0.1}, "published": "1999-09-19T00:00:00", "cvelist": [], "lastseen": "2016-11-03T10:27:38", "history": [], "id": "PACKETSTORM:15637", "sourceHref": "https://packetstormsecurity.com/files/download/15637/rpc_vulnerability.txt", "objectVersion": "1.2", "sourceData": "`Subject: Auditing for RPC vulnerabilities? Use BASS \nTo: BUGTRAQ@SECURITYFOCUS.COM \n \n \nOn Wed, Sep 01, 1999 at 09:44:26PM -0400, Fyodor wrote: \n \n \n> Further, it can be painful to locate and 'rpcinfo' every host on a \n> large network. \n \n \nBASS includes RPC support, and was designed with bulk in mind (It was \ndeveloped for the Internet Auditing Project). It will only take a few \nminutes of trivial effort to update the scanner (I might just do it \nmyself). Besides being a bit out of date, it's well suited for the \ntask. \n \n \nRPC support is based on portmapper however, so you won't fair well \nif the network is behind a firewall. \n \n \nYou can grab it at: \nhttp://www.securityfocus.com/data/tools/network/bass-1.0.7.tar.gz \n \n \nBTW, Unless you're running a Linux libc5 (our original development \nsystem), you'll need to apply the bugfix patches posted on Bugtraq a \nfew weeks ago (Yes, a new version *is* in order). \n \n \nFyodor's nmap, especially with RPC support is really an excellent tool. \nHowever, with nmap: \n1) It may take a while to comprehensively scan a very large network. \n2) It merely detects the presence of a service, and does not test for \nvulnerability (by attempting an overflow and evaluating the \nresponse, or the lack of one). \n \n \nCheers, \nLiraz \n`\n", "cvss": {"vector": "NONE", "score": 0.0}, "description": "", "references": [], "edition": 1, "title": "rpc_vulnerability.txt", "type": "packetstorm", "modified": "1999-09-19T00:00:00", "hash": "b1d970041023d01f0bf2cf5b35d5b71528076500567e052eef0950006fff7cf5", "bulletinFamily": "exploit", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "description"}, {"hash": "bf8abbf9694609b9044851d3243e1d0e", "key": "href"}, {"hash": "0d3509bd2e63c04b61fab497bb43ac4e", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "0d3509bd2e63c04b61fab497bb43ac4e", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "7e63640ffbb0546f3e2929f550c8818d", "key": "reporter"}, {"hash": "3d6d2c5483bad779a33d9566b61bf88a", "key": "sourceData"}, {"hash": "1ecb686fab0586e970fd74142b68be99", "key": "sourceHref"}, {"hash": "2cea0346efe2ca94a378fa91b81c0386", "key": "title"}, {"hash": "6466ca3735f647eeaed965d9e71bd35d", "key": "type"}], "href": "https://packetstormsecurity.com/files/15637/rpc_vulnerability.txt.html", "viewCount": 0}