[chaos at STRANGE.NET: Re: SunRPC and slackware 3.4 and 3.5..]

Nikos Mavroyanopoulos nmav at i-net.paiko.gr
Fri Sep 18 10:15:44 EEST 1998


----- Forwarded message from Andrew Hobgood <chaos at STRANGE.NET> -----

MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.LNX.3.96.980917131403.27662A-100000 at schizo.strange.net>
Date: 	Thu, 17 Sep 1998 13:20:19 -0400
Reply-To: Andrew Hobgood <chaos at STRANGE.NET>
Sender: Bugtraq List <BUGTRAQ at netspace.org>
From: Andrew Hobgood <chaos at STRANGE.NET>
Subject:      Re: SunRPC and slackware 3.4 and 3.5..
X-To:         Vincent Janelle <malokai at GILDEA.NET>
To: BUGTRAQ at netspace.org

> There is apparently an un-released remote root exploit for slackware
> 3.4-3.5 that involves sunrpc.

Supposedly, RedHat 5.x and Debian are also affected by this exploit, but
I'm not sure how accurate those rumors are.

> I realize that normally one should provide more information, but I thought
> people should know this.

The grapevine seems to indicate that it's a buffer overrun in rpc.mountd.
Again, I can't verify the accuracy of this information.

> Just a little reminder that you shouldn't run stuff that you don't need.

Definitely.... this exploit is actively being used to break into machines
on the Internet.  If you see port scans across your machines seeking RPC
ports, immediately log the source IP and investigate, as it could be an
attacker looking for a weak link in your network.  It seems that the basic
targets are Intel-based Linux machines without executable stack patches, so
we can assume that the exploit is another cut-'n-pasted Intel bytecode
overflow.

Just a little more heads-up...

/Andrew


----- End forwarded message -----

-- 
         Nikos Mavroyanopoulos
          nmav at i-net.paiko.gr
finger/pgpkey: ma06205 at hermes.cc.uoi.gr
--
====================================================================
For help (or to unsubscribe), e-mail majordomo at argos.hol.gr
The list archives are at http://www.argos.hol.gr/lists :
before sending a question, check whether it has already been answered.
For any problem, send e-mail to owner-linux-greek-users
====================================================================


