This is only a small one and not that serious because remote lusers shouldnt
have access to your portmappers at all. However if they do then rpc.mountd
gives out more info than is ideal.
Viz
mount testbox:/usr/lib /mnt
mount testbox:/usr/lib failed, reason given by server: Permission denied
mount testbox:/usr/libs /mnt
mount: testbox:/usr/libs failed, reason given by server: No such file or
directory
ie you can use it to test what is installed on a box.
Alan
[mod: The bad news is that you don''t really need access to the
portmapper to find the mountd: a port scan between 500 and 1000 will
most likely turn up just a few ports that you can connect to, and
trying to send a mount request to those ports will quickly tell you
where the mountd lives.... -- REW]
