|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: [suse-security] Real bad log entry
From: BobF (FBob
wt.net)Date: Fri Mar 31 2000 - 17:51:22 CST
- Next message: Chrissy: "Re: [suse-security] Real bad log entry"
- Previous message: Chrissy: "[suse-security] Real bad log entry"
- In reply to: Chrissy: "[suse-security] Real bad log entry"
- Next in thread: Chrissy: "Re: [suse-security] Real bad log entry"
- Reply: BobF: "Re: [suse-security] Real bad log entry"
- Reply: Chrissy: "Re: [suse-security] Real bad log entry"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Fri, 31 Mar 2000, Chrissy wrote:
> This looks terrible.. anyone have any ideas?
>
>
> Mar 30 20:45:00 rox /USR/SBIN/CRON[16114]: (root) CMD ( test -x
> /usr/lib/cron/run-crons && /usr/lib/cron/run-crons )
> Mar 30 20:46:14 rox
> ~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P
<snip>
> Mar 30 20:46:55 rox named[380]: Cleaned cache of 57 RRsets
>
>
> I've got sendmail, web, named, and identd open to the world.. and pop3,
> ftp, ssh open to accepted ip ranges (via IPCHAINS)
>
> Please help..this sucks.
Looks like a named buffer overflow exploit.
What version of named are you using?
-- Bob FEMail FBob
A Truly Wise Man Never Plays Leapfrog With A Unicorn...
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe
- Next message: Chrissy: "Re: [suse-security] Real bad log entry"
- Previous message: Chrissy: "[suse-security] Real bad log entry"
- In reply to: Chrissy: "[suse-security] Real bad log entry"
- Next in thread: Chrissy: "Re: [suse-security] Real bad log entry"
- Reply: BobF: "Re: [suse-security] Real bad log entry"
- Reply: Chrissy: "Re: [suse-security] Real bad log entry"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]