rpc.statd error

Phil Buckley phil at 1918.com
Sun Apr 29 12:06:07 EDT 2001


By the way, thanks to everyone who offered help, after I upgraded, the problem disappeared, but I think your correct that someone was trying to overflow through there.... well documented security flaw apparently (at least through rh 6.2).

Phil

*********** REPLY SEPARATOR  ***********

On 4/28/01 at 11:24 PM James R. Van Zandt wrote:

>Phil Buckley <phil at 1918.com> writes:
>
>>Anyone have an idea why I might be getting this error (from log
>>file)? Also, does anyone have a suggestion for checking to see if
>>statd is functioning properly?
>>
>>TIA,
>>Phil
>>
>>Apr 21 11:00:48 galloproductions rpc.statd[342]: gethostbyname error
>for ^X)B÷ÿ¿^X÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿%...
>
>This looks like a buffer overflow exploit.  I got hit with one a
>couple of weeks ago.
>
>See http://www.sans.org/y2k/adore.htm for more information, or visit
>Google and search for "rpc.statd buffer overflow".
>
>	   - Jim Van Zandt
>
>
>-
>Subcription/unsubscription/info requests: send e-mail with
>"subscribe", "unsubscribe", or "info" on the first line of the
>message body to discuss-request at blu.org (Subject line is ignored).



-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).



More information about the Discuss mailing list