Date:      Thu, 29 Mar 2001 22:34:39 -0500
From:      scott <smnoldelinux@mediaone.net>
To:        Dan Delaney <Dionysos@Dionysia.org>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Freaky message in /var/log/messages
Message-ID:  <3AC3FECF.BF88BED4@mediaone.net>
References:  <Pine.BSF.4.21.0103292218120.489-100000@bakchos.dionysia.org>

That is an attempt at a buffer overflow exploit.  Check your version of
rpc.statd (why is this listening to the external interface?) and compare
with any vulnerabilities at cert.org or securityfocus.com.

Do you really need to run that service?

- Scott

Dan Delaney wrote:
> 
> Hi all
> 
> Lately I've been getting this very bizarre message sent to the
> console and put in /var/log/messages. Here it is:
> 
> Mar 29 21:58:47 bakchos rpc.statd: invalid hostname to sm_stat:
> ^Xw^??^Xw^??^Yw^??^Yw^??^Zw^??^Zw^??^[w^??^[w^??%8x%8x%8x%8x%8x%
> 8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n^P^P^P^P^P^P^P^P^P^P^P^P^P
> ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P
> ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P
> ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P
> ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P
> ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P
> ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P
> ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P
> ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P
> ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P
> ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P
> ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P
> ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P
> ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P
> ^P^P^P^P
> 
> That's it. The whole thing in its glorious entirety! (All of that is
> actually on one line in the file.)
> 
> Anyone have any idea what the hell that's all about? :-)
> 
> Thanks a lot.
> -- Dan
> ________________________________________________________________________
>  Dionysos@Dionysia.org                                Daniel G. Delaney
>  www.Dionysia.org/~dionysos/
>  PGP Public Key: /~dionysos/pgp.html
> ------------------------------------------------------------------------
> A king's castle is his home.

-- 
-----------
Scott Nolde
-----------
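
Added example, not part of the original messages: a small Python triage script that flags rpc.statd "invalid hostname to sm_stat" syslog lines like the one quoted above when the logged hostname carries printf conversions or control bytes. The function and variable names and the sample lines are constructed for illustration.

```python
import re

# printf-style conversions such as %8x, %236x, %n, %hn or %5$n.
SPEC = re.compile(
    r"%(?:\d+\$)?[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l|q|j|z|t|L)?"
    r"([diouxXeEfgGcspn])")
# Caret notation syslogd prints for non-printable bytes, e.g. ^P or ^?.
CARET = re.compile(r"\^[@-_?]")
# The rpc.statd message seen in the quoted log entry.
STATD = re.compile(
    r"rpc\.statd(?:\[\d+\])?: invalid hostname to sm_stat:\s*(.*)$")


def analyze(line):
    """Return a finding for an rpc.statd sm_stat line, or None for other lines."""
    m = STATD.search(line)
    if m is None:
        return None
    host = m.group(1)
    convs = [s.group(1) for s in SPEC.finditer(host)]
    writes = convs.count("n")                      # %n stores a count to memory
    pops = sum(1 for c in convs if c in "xXdiouc")  # stack-walking padding
    control = len(CARET.findall(host))             # raw bytes, not a hostname
    if writes:
        verdict = "format-string write attempt"
    elif pops or control:
        verdict = "suspicious hostname"
    else:
        verdict = "malformed hostname"
    return {"verdict": verdict, "writes": writes,
            "pops": pops, "control": control}


# Constructed sample lines, shortened from the shape of the quoted entry.
SAMPLE = [
    "Mar 29 21:58:47 host1 rpc.statd: invalid hostname to sm_stat: "
    "^Xw^??^Xw^??%8x%8x%8x%236x%n%137x%n^P^P^P^P",
    "Mar 29 22:01:10 host1 rpc.statd: invalid hostname to sm_stat: bad_host!",
    "Mar 29 22:02:00 host1 sshd[411]: Accepted publickey for dan",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(analyze(entry))
```

A match shows that a crafted request reached the daemon and was logged; it says nothing about whether the installed rpc.statd is vulnerable, which still has to be checked against the advisories.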

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3AC3FECF.BF88BED4>