Date: Mon, 4 Jun 2001 14:21:16 +0200 From: Przemyslaw Frasunek <venglin@freebsd.lublin.pl> To: Gino Thomas <ingram@vc-protect.net> Cc: security@freebsd.org Subject: Re: rpc.statd attack before ipfw activated Message-ID: <20010604142116.R3509@riget.scene.pl> In-Reply-To: <E156sBF-0003my-00@mrvdom00.schlund.de>; from ingram@vc-protect.net on Mon, Jun 04, 2001 at 01:05:53PM %2B0200 References: <E156sBF-0003my-00@mrvdom00.schlund.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jun 04, 2001 at 01:05:53PM +0200, Gino Thomas wrote: > > xbf^[\xf7\xff\xbf%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n > Seems to be a typical shellcode string. It isn't 'typical' shellcode string. Bug in Linux rpc.statd is format string vulnerability, not buffer overflow. > A "typical" attackbuffer looks like this: nopnopnopnopshellcode/bin/shretretretretret Not in case of formatting vulnerabilities. -- * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE * * Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF * To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010604142116.R3509>