From owner-freebsd-security  Thu Aug 17 20:21:40 2000
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
	id 4D1A937B509; Thu, 17 Aug 2000 20:21:37 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP
	id 4A6E62E8039; Thu, 17 Aug 2000 20:21:37 -0700 (PDT)
Date: Thu, 17 Aug 2000 20:21:36 -0700 (PDT)
From: Kris Kennaway <kris@hub.freebsd.org>
To: David La Croix <dlacroix@cowpie.acm.vt.edu>
Cc: freebsd-security@freebsd.org
Subject: Re: rpc.statd -- is someone trying to exploit a buffer overflow?
In-Reply-To: <200008172123.RAA16515@cowpie.acm.vt.edu>
Message-ID: <Pine.BSF.4.21.0008172019350.7587-100000@hub.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 17 Aug 2000, David La Croix wrote:

> 
> I manage a fileserver for my company, and it happens to be running 
> FreeBSD 3.4-Stable (April 10) with NFS enabled:
> 
> I've noticed repeated messages of the form:
> DATE maurice rpc.statd: invalid hostname to sm_stat: lots of binary crap.

Most linux distributions had a root exploit in rpc.statd recently..the %8x
operators indicate thats what they're trying to exploit here.

But never fear, FreeBSD has no vulnerability here :-)

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message