Hi! This is the ezmlm program. I'm managing the
bugtraq@securityfocus.com mailing list.
I'm working for my owner, who can be reached
at bugtraq-owner@securityfocus.com.
Messages to you from the bugtraq mailing list seem to
have been bouncing. I've attached a copy of the first bounce
message I received.
If this message bounces too, I will send you a probe. If the probe bounces,
I will remove your address from the bugtraq mailing list,
without further notice.
I've kept a list of which messages from the bugtraq mailing list have
bounced from your address.
Copies of these messages may be in the archive.
To retrieve a set of messages 123-145 (a maximum of 100 per request),
send an empty message to:
<bugtraq-get.123_145@securityfocus.com>
To receive a subject and author list for the last 100 or so messages,
send an empty message to:
<bugtraq-index@securityfocus.com>
Here are the message numbers:
6906
6964
7000
7023
7027
7025
--- Enclosed is a copy of the bounce message I received.
Return-Path: <>
Received: (qmail 24031 invoked from network); 19 Oct 2002 05:23:28 -0000
Received: from unknown (HELO securityfocus.com) (205.206.231.9)
by lists.securityfocus.com with SMTP; 19 Oct 2002 05:23:28 -0000
Received: (qmail 4083 invoked by alias); 19 Oct 2002 05:24:41 -0000
Received: (qmail 7634 invoked from network); 19 Oct 2002 05:02:19 -0000
Received: from outgoing3.securityfocus.com (HELO outgoing.securityfocus.com) (205.206.231.27)
by mail.securityfocus.com with SMTP; 19 Oct 2002 05:02:19 -0000
Received: by outgoing.securityfocus.com (Postfix)
id 1207CA9F7A; Fri, 18 Oct 2002 22:36:48 -0600 (MDT)
Date: Fri, 18 Oct 2002 22:36:48 -0600 (MDT)
From: MAILER-DAEMON@outgoing.securityfocus.com (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: bugtraq-return-6906-list-bugtraq=spinics.net@securityfocus.com
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="8E4B0A373C.1035002075/outgoing.securityfocus.com"
Message-Id: <20021019043648.1207CA9F7A@outgoing.securityfocus.com>
This is a MIME-encapsulated message.
--8E4B0A373C.1035002075/outgoing.securityfocus.com
Content-Description: Notification
Content-Type: text/plain
This is the Postfix program at host outgoing.securityfocus.com.
I'm sorry to have to inform you that the message returned
below could not be delivered to one or more destinations.
For further assistance, please send mail to <postmaster>
If you do so, please include this problem report. You can
delete your own text from the message returned below.
The Postfix program
<list-bugtraq@spinics.net>: Name service error for spinics.net: Host found but
no data record of requested type
--8E4B0A373C.1035002075/outgoing.securityfocus.com
Content-Description: Delivery error report
Content-Type: message/delivery-status
Reporting-MTA: dns; outgoing.securityfocus.com
Arrival-Date: Fri, 18 Oct 2002 12:33:59 -0600 (MDT)
Final-Recipient: rfc822; list-bugtraq@spinics.net
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; Name service error for spinics.net: Host found but
no data record of requested type
--8E4B0A373C.1035002075/outgoing.securityfocus.com
Content-Description: Undelivered Message
Content-Type: message/rfc822
Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])
by outgoing.securityfocus.com (Postfix) with QMQP
id 8E4B0A373C; Fri, 18 Oct 2002 12:33:59 -0600 (MDT)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 13747 invoked from network); 18 Oct 2002 12:29:46 -0000
Date: Fri, 18 Oct 2002 08:55:11 -0400
From: Edsel Adap <edsel@adap.org>
To: m g <mg_outlaw@hotmail.com>
Subject: Re: NFS Denial of Service advisory from Sun
Message-ID: <20021018085511.A1576@adap.org>
References: <F77Fa4FtdNTXEnSxHnY00001087@hotmail.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="fdj2RfSjLxBAspz7"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <F77Fa4FtdNTXEnSxHnY00001087@hotmail.com>; from mg_outlaw@hotmail.com on Thu, Oct 17, 2002 at 12:21:50PM +0000
X-PGP-Key: http://www.adap.org/~edsel/.gpg-public-key
X-GPG-Key: http://www.adap.org/~edsel/.gpg-public-key
--fdj2RfSjLxBAspz7
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
I tested this on my Solaris NFS server and it didn't kill lockd.
However there are many ways to DoS a Solaris NFS server.
One of them is to put a RedHat 7.3 (original kernel) on the network
as an NFS client then initiate a large read over NFS and watch the
Solaris NFS server become unresponsive to pings. As soon as you kill
the read everything goes back to normal.
On Thu, Oct 17, 2002 at 12:21:50PM +0000, m g wrote:
> Hello all,
>=20
> Today, Sun released an advisory (47815) about how the lockd can be used t=
o=20
> cause a DoS of NFS. However they did not provide any details about how th=
e=20
> lockd can be killed to trigger this. See=20
> http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=3Dfsalert%2F47815&zone_32=
=3Dcategory%3Asecurity
>=20
> Does anyone know if this security issue is somehow related to the Bugtraq=
=20
> posting from Mike Murray about lockd and nfs on Linux from June 2000, s=
ee:
> http://archives.neohapsis.com/archives/bugtraq/2000-06/0073.html
>=20
> I currently don't have a Sun box available to test it myself, so perhaps=
=20
> someone else can verify this or provide me information about this.
>=20
> Grtx Mike G. (not Mike Murray)
>=20
> _________________________________________________________________
> Unlimited Internet access for only $21.95/month.=A0 Try MSN!=20
> http://resourcecenter.msn.com/access/plans/2monthsfree.asp
--=20
Edsel Adap
edsel@adap.org
http://www.adap.org/~edsel/ LINUX - the choice of the GNU generati=
on
"Netscape is an application which grows to fill all available memory." - me
--fdj2RfSjLxBAspz7
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9sASvm5zHAsD2X+oRAsU1AJ0b9JNFGfZf4g/SGMSmBMTLCuNBkwCffICL
mqs92ZdA3isZdQxfROzrbBA=
=ZwCj
-----END PGP SIGNATURE-----
--fdj2RfSjLxBAspz7--
--8E4B0A373C.1035002075/outgoing.securityfocus.com--
