rpc.statd error
Phil Buckley
phil at 1918.com
Sun Apr 29 12:06:07 EDT 2001
By the way, thanks to everyone who offered help, after I upgraded, the problem disappeared, but I think your correct that someone was trying to overflow through there.... well documented security flaw apparently (at least through rh 6.2).
Phil
*********** REPLY SEPARATOR ***********
On 4/28/01 at 11:24 PM James R. Van Zandt wrote:
>Phil Buckley <phil at 1918.com> writes:
>
>>Anyone have an idea why I might be getting this error (from log
>>file)? Also, does anyone have a suggestion for checking to see if
>>statd is functioning properly?
>>
>>TIA,
>>Phil
>>
>>Apr 21 11:00:48 galloproductions rpc.statd[342]: gethostbyname error
>for ^X�)B÷ÿ¿^X÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿%...
>
>This looks like a buffer overflow exploit. I got hit with one a
>couple of weeks ago.
>
>See http://www.sans.org/y2k/adore.htm for more information, or visit
>Google and search for "rpc.statd buffer overflow".
>
> - Jim Van Zandt
>
>
>-
>Subcription/unsubscription/info requests: send e-mail with
>"subscribe", "unsubscribe", or "info" on the first line of the
>message body to discuss-request at blu.org (Subject line is ignored).
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).
More information about the Discuss
mailing list