top | item 27695403

(no title)

szc | 4 years ago

I remember capturing a copy of "snake" for analysis and figuring out the exploit.

It wasn't just world exposed NFS shares - it was any share that was exported to itself. You could use portmap as a proxy and get the root file handle.

If you weren't able to patch portmap, the only remedy was to never export a filesystem to yourself.

discuss

No comments yet.