Re: rpc.statd attack?
>> I got the following (alarming) messages on syslog:
>
>This is becoming a FAQ.. it's a failed crack attempt.
I got the same attempt on Sunday. This is what I found out about it:
"The rpc.statd program passes user-supplied data to the syslog() function
as a format string. If there is no input validation of this string, a
malicious user can inject machine code to be executed with the privileges
of the rpc.statd process, typically root."
I got this from http://www.cert.org/advisories/CA-2000-17.html
The Debian fix is here.
http://www.debian.org/security/2000/20000719a
Systems that are kept up to date should be fine, I hope. I don't use NFS so
I disabled the nfs-common and nfs-server scripts to be on the safe side.
That way rpc* and statd* programs will stop running.
jmb
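
The format-string pattern described in the CERT text quoted above, shown next to its fix. This is an added example, not part of the original post and not rpc.statd's code. `log_sink`, the function names and the message text are assumptions made for illustration; `log_sink` stands in for `syslog()` so the formatted result can be inspected.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>
/* Hypothetical stand-in for syslog(): same (priority, format, ...) shape,
 * but it formats into a buffer so the result can be inspected. */
static char last_msg[256];
static void log_sink(int priority, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_msg, sizeof last_msg, fmt, ap);
    va_end(ap);
}

/* BEFORE: caller-supplied text is the format string, so every '%' directive
 * in it is interpreted by the formatter. */
const char *log_name_vulnerable(const char *name)
{
    log_sink(LOG_ERR, name);
    return last_msg;
}

/* AFTER: constant format; untrusted text is only ever an argument. */
const char *log_name_fixed(const char *name)
{
    log_sink(LOG_ERR, "lookup failed for %s", name);
    return last_msg;
}

/* Audit helper: count '%' directives in untrusted text; "%%" is a literal
 * percent sign and is not counted. */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') s++;   /* skip the escaped percent */
        else n++;
    }
    return n;
}

int main(void)
{
    const char *probe = "host%%name";  /* constructed, harmless input */
    printf("vulnerable: %s\n", log_name_vulnerable(probe));
    printf("fixed:      %s\n", log_name_fixed(probe));
    return count_directives("%x%x%n") == 3 ? 0 : 1;
}
```

The probe uses only `%%`, which is well defined in both paths: the vulnerable call collapses it to a single `%`, showing that the formatter parsed the input, while the fixed call logs the text unchanged.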