[SAC] [support.osuosl.org #29762] osgeo6.osgeo.osuosl.org portmapper vulnerability

Martin Spott Martin.Spott at mgras.net
Sat May 12 01:14:59 PDT 2018

On Fri, May 11, 2018 at 02:31:10PM -0700, Cody Holliday via RT wrote:

> osgeo6.osgeo.osuosl.org is still vulnerable to portmapper amplification
> attacks! Please use the provided materials to secure your host.

Unfortunately I missed the previous notion of this issue.

I've now removed portmap/rpcbind from all OSGeo machines I have access to -
"download" and "osgeo6" were affected.

Thanks for reminding,

 Unix _IS_ user friendly - it's just selective about who its friends are !

More information about the Sac mailing list