While this is hardly a new bug and the dangers of not having proper
anti-spoofing checks in your perimeter router/firewall have been
discussed over and over in the past years, I believe it might be worth
a post to bugtraq.
The following can be taken as an example of how a combination of bugs,
2. There's no check for the src address and port of the replies to
forwarded calls to match the dst address and port of the original
call.
rpcbind does not check that RPC reply messages, received on the
socket used to forward CALLIT requests, have a valid source address,
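The check that item 2 says is missing, written out as an added example; it is not code from rpcbind or from the original post. The pending-call table, the function names and the lookup by RPC transaction id (xid) are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#define MAX_FWD 8

/* Hypothetical record of one forwarded call awaiting its reply. */
struct fwd_call {
    int in_use;
    uint32_t xid;            /* transaction id placed in the forwarded call */
    struct sockaddr_in dst;  /* address and port the call was forwarded to */
};
static struct fwd_call pending[MAX_FWD];

/* Build an IPv4 socket address from dotted-quad text and a host-order port. */
struct sockaddr_in mk_addr(const char *ip, uint16_t port)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    inet_pton(AF_INET, ip, &sa.sin_addr);
    return sa;
}

/* Remember where a call was forwarded; returns 0 on success, -1 if full. */
int record_forward(uint32_t xid, struct sockaddr_in dst)
{
    for (int i = 0; i < MAX_FWD; i++)
        if (!pending[i].in_use) {
            pending[i] = (struct fwd_call){ 1, xid, dst };
            return 0;
        }
    return -1;
}

/* Accept a reply only if its source (as filled in by recvfrom) equals the
 * forwarded call's destination; a mismatch leaves the entry pending. */
int accept_reply(uint32_t xid, const struct sockaddr_in *src)
{
    for (int i = 0; i < MAX_FWD; i++) {
        struct fwd_call *p = &pending[i];
        if (!p->in_use || p->xid != xid)
            continue;
        if (src->sin_family != AF_INET ||
            src->sin_addr.s_addr != p->dst.sin_addr.s_addr ||
            src->sin_port != p->dst.sin_port)
            return 0;        /* right xid, wrong sender: drop the reply */
        p->in_use = 0;       /* genuine reply consumes the pending entry */
        return 1;
    }
    return 0;                /* no forwarded call with this xid */
}
```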