Date: Thu, 25 Jan 2001 09:31:47 -0800
From: Alfred Perlstein
To: "Steven G. Kargl"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: buffer overflows in rpc.statd?
Message-ID: <20010125093147.M26076@fw.wintelcom.net>
References: <200101251726.f0PHQei65827@troutmask.apl.washington.edu>
In-Reply-To: <200101251726.f0PHQei65827@troutmask.apl.washington.edu>; from kargl@troutmask.apl.washington.edu on Thu, Jan 25, 2001 at 09:26:39AM -0800

* Steven G. Kargl [010125 09:29] wrote:
> Are there any known compromises of rpc.statd that involve
> buffer overflows? I have several entries in /var/log/messages that
> look suspicious, but I currently don't know what these entries
> mean (see attachment). The suspicious entries appear to be
> buffers that someone or something has tried to overflow.

Kiddies running linux exploits against your box.

-Alfred