From owner-freebsd-security  Thu Jan 25  9:32: 5 2001
Delivered-To: freebsd-security@freebsd.org
Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20])
	by hub.freebsd.org (Postfix) with ESMTP id BB9EE37B6A0
	for <freebsd-security@FreeBSD.ORG>; Thu, 25 Jan 2001 09:31:48 -0800 (PST)
Received: (from bright@localhost)
	by fw.wintelcom.net (8.10.0/8.10.0) id f0PHVlG22248;
	Thu, 25 Jan 2001 09:31:47 -0800 (PST)
Date: Thu, 25 Jan 2001 09:31:47 -0800
From: Alfred Perlstein <bright@wintelcom.net>
To: "Steven G. Kargl" <kargl@troutmask.apl.washington.edu>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: buffer overflows in rpc.statd?
Message-ID: <20010125093147.M26076@fw.wintelcom.net>
References: <200101251726.f0PHQei65827@troutmask.apl.washington.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200101251726.f0PHQei65827@troutmask.apl.washington.edu>; from kargl@troutmask.apl.washington.edu on Thu, Jan 25, 2001 at 09:26:39AM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

* Steven G. Kargl <kargl@troutmask.apl.washington.edu> [010125 09:29] wrote:
> Are there any known compromises of rpc.statd that involve
> buffer overflows?  I have several entries in /var/log/messages that
> look suspicious, but I currently don't know what these entries
> mean (see attachment).   The suspicious entries appear to be
> buffers that someone or something has tried to overflow.

Kiddies running linux exploits against your box.

-Alfred


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message