OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: [suse-security] Real bad log entry
From: BobF (FBobwt.net)
Date: Fri Mar 31 2000 - 17:51:22 CST


On Fri, 31 Mar 2000, Chrissy wrote:
> This looks terrible.. anyone have any ideas?
>
>
> Mar 30 20:45:00 rox /USR/SBIN/CRON[16114]: (root) CMD ( test -x
> /usr/lib/cron/run-crons && /usr/lib/cron/run-crons )
> Mar 30 20:46:14 rox
> ~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P~P
<snip>
> Mar 30 20:46:55 rox named[380]: Cleaned cache of 57 RRsets
>
>
> I've got sendmail, web, named, and identd open to the world.. and pop3,
> ftp, ssh open to accepted ip ranges (via IPCHAINS)
>
> Please help..this sucks.

Looks like a named buffer overflow exploit.
What version of named are you using?

-- 
Bob F

EMail FBobwt.net

A Truly Wise Man Never Plays Leapfrog With A Unicorn...

--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribesuse.com For additional commands, e-mail: suse-security-helpsuse.com