[100245] in RedHat Linux List
Re: Hack attempts!
daemon@ATHENA.MIT.EDU (Steven Krikstone)
Thu Nov 19 12:04:59 1998
Date: Thu, 19 Nov 1998 09:34:35 -0600 (CST)
From: Steven Krikstone <triden3@cheney.net>
To: "'redhat-list@redhat.com'" <redhat-list@redhat.com>
In-Reply-To: <402EA738A9EDD11183BA0060976194065C65@h24-64-231-158.cg.wave.shaw.ca>
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
On Wed, 18 Nov 1998, David I Wolf wrote:
> I have been getting a LOT of hack attempts lately: Can anyone
> give me some info on the type of hacks? Here are the logs of the event..
This is an attempt to overflow a buffer in mountd. The exploit was widely
talked about on BUGTRAQ several weeks ago. If the intruder knows what
they are doing, they _can_ gain root access. Check the RH 5.1 errata page
for the updated nfs-server and nfs-server-clients rpms.
-steve
> Nov 17 22:08:20 mountain
> Nov 17 22:08:20 mountain syslogd: Cannot glue message parts together
> Nov 17 22:08:20 mountain 29>Nov 17 22:08:20 mountd[310]: NFS mount of
> ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P
> ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P
> ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P
> ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P
[ log snipped]
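A way to spot entries like the one quoted above in a syslog file, as an added example that is not part of the original post: it flags mountd messages whose text is dominated by non-printable bytes, including messages syslogd split across headerless lines. The threshold and the sample lines are assumptions constructed for illustration.

```python
import re

# Classic BSD syslog header: "Mon DD HH:MM:SS host <rest>"
HEADER = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ ?(.*)$")
MOUNTD = re.compile(r"mountd\[(\d+)\]: (.*)$")
# Caret notation for control bytes as a pager or terminal shows them (^P = 0x10)
CARET = re.compile(r"\^[@-_?]")
THRESHOLD = 16  # assumed cut-off; a normal export path contains no control bytes

def count_nonprintable(text):
    """Count raw control/non-ASCII characters plus caret-notation pairs."""
    raw = sum(1 for ch in text if ord(ch) < 0x20 or ord(ch) >= 0x7F)
    return raw + len(CARET.findall(text))

def find_suspicious_mountd(lines, threshold=THRESHOLD):
    """Return [(timestamp, pid, nonprintable_count)] for flagged mountd messages."""
    records, current = [], None
    for line in lines:
        line = line.rstrip("\n")
        m = HEADER.match(line)
        if m:
            hit = MOUNTD.search(m.group(1))
            current = [line[:15], int(hit.group(1)), hit.group(2)] if hit else None
            if current:
                records.append(current)
        elif current:
            # No syslog header: continuation of a message that syslogd split
            current[2] += line
    return [(ts, pid, n) for ts, pid, text in records
            if (n := count_nonprintable(text)) >= threshold]

# Constructed sample input, modelled on the shape of the log in this thread
SAMPLE = [
    "Nov 17 22:08:19 mountain mountd[310]: NFS mount of /home from 192.0.2.10",
    "Nov 17 22:08:20 mountain 29>Nov 17 22:08:20 mountd[310]: NFS mount of " + "^P" * 10,
    "^P" * 38,
    "^P" * 38,
    "Nov 17 22:08:21 mountain kernel: eth0: link up",
    "Nov 17 22:09:02 mountain mountd[310]: NFS mount of " + "\x10" * 40,
]

if __name__ == "__main__":
    for ts, pid, n in find_suspicious_mountd(SAMPLE):
        print(f"{ts} mountd[{pid}]: {n} non-printable characters in request")
```

A hit only shows that the request was received and logged; whether the host is still exposed depends on the installed nfs-server package.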