From: Kris Kennaway (krisobsecurity.org)
Date: Thu Mar 08 2001 - 10:17:40 CST


    On Thu, Mar 08, 2001 at 07:40:08AM -0800, oldfartgtonet wrote:

    > > Linux script kiddie running a Linux rpc.statd exploit on your box that
    > > (surprise!) doesn't work on FreeBSD. :-)
    > >
    >
    > No, I don't think so, because I get that error on my NFS server too and I
    > know who's on that box and what they're running (unless this is a remote
    > exploit) I can certainly block the port (#?) via my firewall but I don't
    > think that's it. I think it's a problem that's been ignored and written off
    > as an attempted exploit on many boxes.

    No, it IS an inapplicable remote rpc.statd exploit which never applied
    to FreeBSD. Notice all of the %x and %n operators in the string
    they're sending; these are the signatures of a format string bug,
    which the Linux rpc.statd suffered from, but which is different code
    to what BSD uses and therefore not an applicable vulnerability, and
    nothing more than an annoyance unless you have Linux systems you
    haven't updated in a while.

    > Mar 6 18:26:19 mls rpc.statd: invalid hostname to sm_stat:
    > ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%1
    > 37x%n%10x%n%192x%nM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-
    > ^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM-

    Kris


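
A log check for the signature described in the message above, added here as an example (it is not code from the thread or from FreeBSD): it finds rpc.statd "invalid hostname to sm_stat" entries and counts printf conversions in the logged hostname, treating any %n as a write attempt. The sample log lines, verdict strings and function names are constructed for illustration.

```python
import re

# Constructed sample syslog lines (not from a real host). The second imitates
# the shape of the entry quoted in the thread, with the non-printable bytes
# replaced by "." for readability.
SAMPLE_LOG = """\
Mar 6 18:20:02 mls rpc.statd: invalid hostname to sm_stat: bad/host
Mar 6 18:26:19 mls rpc.statd: invalid hostname to sm_stat: ....%8x%8x%8x%236x%n%137x%n%10x%n%192x%n....
Mar 6 18:30:41 mls sshd[412]: Accepted publickey for alice from 192.0.2.10
Mar 6 18:31:07 mls rpc.statd: invalid hostname to sm_stat: 100%x
"""

# timestamp, host, program (optional pid), then the hostname rpc.statd rejected
STATD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s(?P<host>\S+)\srpc\.statd(?:\[\d+\])?:\s"
    r"invalid hostname to sm_stat:\s(?P<name>.*)$"
)
# printf conversion: % [flags] [width] [.precision] [length] conversion-char
DIRECTIVE_RE = re.compile(
    r"%[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l|L|z|j|t)?([diouxXeEfgGcspn])"
)


def classify(name):
    """Return (verdict, number of printf conversions) for a logged hostname."""
    convs = DIRECTIVE_RE.findall(name)
    if "n" in convs:  # %n stores a count through a pointer: a memory write
        return "format-string write attempt", len(convs)
    if convs:         # %x and friends only read, but no real hostname has them
        return "format directives in hostname", len(convs)
    return "invalid hostname only", 0


def scan(log_text):
    """Yield one (timestamp, host, verdict, count) tuple per rpc.statd entry."""
    findings = []
    for line in log_text.splitlines():
        m = STATD_RE.match(line)
        if m:
            verdict, count = classify(m.group("name"))
            findings.append((m.group("ts"), m.group("host"), verdict, count))
    return findings


if __name__ == "__main__":
    for ts, host, verdict, count in scan(SAMPLE_LOG):
        print(f"{ts} {host}: {verdict} ({count} conversions)")
```

A hit on a FreeBSD host is the harmless probe described in the message; the same hit on a Linux host that has not been updated is the case worth following up.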