Re: nfs-common
On Thu, Jan 25, 2001 at 07:11:26PM +0000, Colin Watson wrote:
:It could be someone trying an NFS exploit against your system, though
:potato systems shouldn't be vulnerable to it.
I'd s/could\ be/IS/;
:>f<CD>
:>Jan 18 19:16:45 brockwell
:><C7>^F/bin<C7>F^D/shA0<C0><88>F^G<89>v^L<8D>V^P<8D>N^L<89><F3><B0>^K<CD><80><B0>^A<CD><80><E8>^?<FF><FF>
:
:This, in particular, looks very suspicious. Notice the /bin/sh.
One version of this exploit adds a root shell the end of
/etc/inetd.conf look for that.
-Jon
Reply to: