[33] in Security FYI


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

statd attack seen

daemon@ATHENA.MIT.EDU (Geoffrey Coram)
Thu Jan 27 09:54:47 2000

Date: Thu, 27 Jan 2000 09:54:39 -0500
Message-Id: <200001271454.JAA31285@krylov.mit.edu>
From: Geoffrey Coram <gjcoram@rle-vlsi.mit.edu>
To: security-fyi@MIT.EDU
Reply-To: gjcoram@rle-vlsi.mit.edu

The following attack was noted by a Solaris machine in our lab:

Jan 27 08:53:08 sobolev.mit.edu statd[182]: statd: attempt to create "/var/statmon/sm/; echo "pcserver stream tcp nowait root /bin/sh sh -i" >>/tmp/bob ; /usr/sbin/inetd -s /tmp/bob &"

Net-security ran a check of this vulnerability back in August
(according to our logs).  If you haven't patched it yet, now
would be a good time.

http://www.cert.org/advisories/CA-99-05-statd-automountd.html


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[33] in Security FYI

statd attack seen

daemon@ATHENA.MIT.EDU (Geoffrey Coram)Thu Jan 27 09:54:47 2000

daemon@ATHENA.MIT.EDU (Geoffrey Coram)
Thu Jan 27 09:54:47 2000