From owner-freebsd-security Thu Jan 25 9:31:41 2001
Delivered-To: freebsd-security@freebsd.org
Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id F3A5B37B69F for ; Thu, 25 Jan 2001 09:31:23 -0800 (PST)
Received: by peitho.fxp.org (Postfix, from userid 1501) id E8ABE1360C; Thu, 25 Jan 2001 12:31:20 -0500 (EST)
Date: Thu, 25 Jan 2001 12:31:20 -0500
From: Chris Faulhaber
To: "Steven G. Kargl"
Cc: freebsd-security@freebsd.org
Subject: Re: buffer overflows in rpc.statd?
Message-ID: <20010125123120.A60926@peitho.fxp.org>
Mail-Followup-To: Chris Faulhaber , "Steven G. Kargl" , freebsd-security@freebsd.org
References: <200101251726.f0PHQei65827@troutmask.apl.washington.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200101251726.f0PHQei65827@troutmask.apl.washington.edu>; from kargl@troutmask.apl.washington.edu on Thu, Jan 25, 2001 at 09:26:39AM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Jan 25, 2001 at 09:26:39AM -0800, Steven G. Kargl wrote:
> Are there any known compromises of rpc.statd that involve
> buffer overflows? I have several entries in /var/log/messages that
> look suspicious, but I currently don't know what these entries
> mean (see attachment). The suspicious entries appear to be
> buffers that someone or something has tried to overflow.
>

No, someone is trying to use a Linux rpc.statd exploit on your box,
to which the BSD's were never vulnerable (see previous posts on this
topic for more info).

--
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message