> There is apparently a un-released remote root exploit for slackware > 3.4-3.5 that involves sunrpc. Supposedly, RedHat 5.x and Debian are also affected by this exploit, but I'm not sure how accurate those rumors are. > I realize that normally one should provide more information, but I thought > people should know this. The grapevine seems to indicate that it's a buffer overrun in rpc.mountd. Again, I can't verify the accuracy of this information. > Just a little reminder that you shouldn't run stuff that you don't need. Definitely.... this exploit is actively being used to break into machines on the Internet. If you see port scans across your machines seeking RPC ports, immediately log the source IP and investigate, as it could be an attacker looking for a weak link in your network. It seems that the basic targets are Intel-based Linux machines without executable stack patches, so we can assume that the exploit is another cut-'n-pasted Intel bytecode overflow. Just a little more heads-up... /Andrew
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:16:37 PDT