Re: nfs-common

To: debian-user@lists.debian.org
Subject: Re: nfs-common
From: "Jonathan D. Proulx" <jon@ai.mit.edu>
Date: Sat, 27 Jan 2001 10:24:25 -0500
Message-id: <[🔎] 20010127102425.F2300@spoon.ai.mit.edu>
Mail-followup-to: "Jonathan D. Proulx" <jon@ai.mit.edu>, debian-user@lists.debian.org
In-reply-to: <[🔎] E14Lrnq-0007dA-00@riva.ucam.org>; from cjw44@flatline.org.uk on Thu, Jan 25, 2001 at 07:11:26PM +0000
References: <[🔎] 3A706E1F.D582FBF8@usgs.gov> <[🔎] E14Lrnq-0007dA-00@riva.ucam.org>

On Thu, Jan 25, 2001 at 07:11:26PM +0000, Colin Watson wrote:

:It could be someone trying an NFS exploit against your system, though
:potato systems shouldn't be vulnerable to it.

I'd s/could\ be/IS/;

:>f<CD>
:>Jan 18 19:16:45 brockwell
:><C7>^F/bin<C7>F^D/shA0<C0><88>F^G<89>v^L<8D>V^P<8D>N^L<89><F3><B0>^K<CD><80><B0>^A<CD><80><E8>^?<FF><FF>
:
:This, in particular, looks very suspicious. Notice the /bin/sh.

One version of this exploit adds a root shell the end of
/etc/inetd.conf look for that.

-Jon

Reply to:

Follow-Ups:
- Re: nfs-common
  - From: cjw44@flatline.org.uk (Colin Watson)

References:
- nfs-common
  - From: Brock Murch <bmurch@usgs.gov>
- Re: nfs-common
  - From: cjw44@flatline.org.uk (Colin Watson)

Prev by Date: Re: DHCP and DNS address with cable modem service . .
Next by Date: Re: printing to motd
Previous by thread: Re: nfs-common
Next by thread: Re: nfs-common
Index(es):
- Date
- Thread