Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 25 Jan 2001 11:41:16 -0600
From:      "Scot W. Hetzel" <hetzels@westbend.net>
To:        "Steven G. Kargl" <kargl@troutmask.apl.washington.edu>, <freebsd-security@FreeBSD.ORG>
Subject:   Re: buffer overflows in rpc.statd?
Message-ID:  <024b01c086f6$0cfda480$7d7885c0@genroco.com>
References:  <200101251726.f0PHQei65827@troutmask.apl.washington.edu>
next in thread | previous in thread | raw e-mail | index | archive | help 
From: "Steven G. Kargl" <kargl@troutmask.apl.washington.edu>
> Are there any known compromises of rpc.statd that involve
> buffer overflows?  I have several entries in /var/log/messages that
> look suspicious, but I currently don't know what these entries
> mean (see attachment).   The suspicious entries appear to be
> buffers that someone or something has tried to overflow.
>
I've been seeing the same thing on a FreeBSD 4.2-STABLE (Dec 23).

Anybody have an Ideal as to what this is?

Jan 25 03:27:48 spare rpc.statd: invalid hostname to sm_stat:
^X\xf7\xff\xbf^X\xf7\xff\xbf^Y\xf7\xff\xbf^Y\xf7\xff\xbf^Z\xf7\xff\xbf^Z\xf7
\x
ff\xbf^[\xf7\xff\xbf^[\xf7\xff\xbf%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%
10x%n%192x%nM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P
M-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^P

Scot



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?024b01c086f6$0cfda480$7d7885c0>