Date: Thu, 8 Mar 2001 08:17:40 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: "oldfart@gtonet" <oldfart@gtonet.net>
Cc: Will Andrews <will@physics.purdue.edu>, Will Mitayai Keeso Rowe <mitayai@dreaming.org>, freebsd-security@FreeBSD.ORG
Subject: Re: strange messages
Message-ID: <20010308081740.B84970@mollari.cthul.hu>
In-Reply-To: <BIEHKEFNHFMMJEKCDMLNEEAPCGAA.oldfart@gtonet.net>; from oldfart@gtonet.net on Thu, Mar 08, 2001 at 07:40:08AM -0800
References: <20010308091303.I45561@ohm.physics.purdue.edu> <BIEHKEFNHFMMJEKCDMLNEEAPCGAA.oldfart@gtonet.net>

On Thu, Mar 08, 2001 at 07:40:08AM -0800, oldfart@gtonet wrote:

> > Linux script kiddie running a Linux rpc.statd exploit on your box that
> > (surprise!) doesn't work on FreeBSD. :-)
> >
>
> No, I don't think so, because I get that error on my NFS server too and I
> know who's on that box and what they're running (unless this is a remote
> exploit) I can certainly block the port (#?) via my firewall but I don't
> think that's it. I think it's a problem that's been ignored and written off
> as an attempted exploit on many boxes.

No, it IS an inapplicable remote rpc.statd exploit which never applied to FreeBSD. Notice all of the %x and %n operators in the string they're sending; these are the signatures of a format string bug, which the Linux rpc.statd suffered from, but which is different code to what BSD uses and therefore not an applicable vulnerability, and nothing more than an annoyance unless you have Linux systems you haven't updated in a while.

> Mar 6 18:26:19 mls rpc.statd: invalid hostname to sm_stat:
> ^X=F7=FF=BF^X=F7=FF=BF^Y=F7=FF=BF^Y=F7=FF=BF^Z=F7=FF=BF^Z=F7=FF=BF^[=F7=FF=BF^[=F7=FF=BF%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%1
> 37x%n%10x%n%192x%nM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-
> ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-

Kris
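
A log-triage check built on the point made in the reply above (the %x and %n operators in the hostname logged by rpc.statd), added here as an example and not part of the original message. The function names, the NOP-run threshold and the sample lines are assumptions constructed for illustration.

```python
import re

# Directives as they show up in the logged hostname: %x/%8x/%236x read and pad, %n writes.
FMT_READ = re.compile(r"%\d*x")
FMT_WRITE = re.compile(r"%\d*n")
# "M-^P" is the meta/control rendering of byte 0x90 (x86 NOP); a long run suggests a sled.
# The threshold of 8 is an assumption, not a value from the message.
NOP_RUN = re.compile(r"(?:M-\^P){8,}")
STATD = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\srpc\.statd(?:\[\d+\])?:\s"
    r"invalid hostname to sm_stat:\s*(?P<arg>.*)$"
)

def classify(line):
    """Return None for unrelated lines, else a dict describing the sm_stat argument."""
    m = STATD.match(line)
    if not m:
        return None
    arg = m.group("arg")
    writes = len(FMT_WRITE.findall(arg))
    return {
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "reads": len(FMT_READ.findall(arg)),
        "writes": writes,
        "nop_sled": bool(NOP_RUN.search(arg)),
        # A hostname has no legitimate use for %n, so one occurrence is enough to flag.
        "format_string_probe": writes > 0,
    }

def scan(lines):
    """Keep only the rpc.statd lines that carry format string directives."""
    return [r for r in map(classify, lines) if r and r["format_string_probe"]]

# Constructed sample lines (shortened, modeled on the log quoted in the message).
SAMPLE = [
    "Mar  6 18:26:19 mls rpc.statd: invalid hostname to sm_stat: "
    "^X^Y%8x%8x%8x%236x%n%137x%n%10x%n%192x%n" + "M-^P" * 12,
    "Mar  6 18:30:02 mls rpc.statd: invalid hostname to sm_stat: bad_host!",
    "Mar  6 18:31:44 mls sshd[412]: Connection closed by 192.0.2.7",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A hit on a FreeBSD host is, per the reply, only noise; the same hit on a Linux host that has not been updated is the case worth following up.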