Perhaps it's an exploit involving the sprintf()s in the nfs-server package that were recently fixed. The sprintf()s were in a section of code that dealt with logging, and I believe were shared between mountd & nfsd. The fixed package is available at ftp://linux.mathematik.tu-darmstadt.de/pub/linux/people/okir/nfs-server-2.2beta36.tar.gz In fact, looking back at Okir's message to Bugtraq, he says: heres an update on the Linux unfsd hole. The problem (as most may have found out by now looking at the diffs) was a buffer overrun in the code that was supposed to log failed mount attempts :-/ This exploit might not be anything new. It would help to know what version of nfsd the cracked sites were running.. On Thu, 17 Sep 1998, Andrew Hobgood wrote: > > There is apparently a un-released remote root exploit for slackware > > 3.4-3.5 that involves sunrpc. > > The grapevine seems to indicate that it's a buffer overrun in rpc.mountd. > Again, I can't verify the accuracy of this information. >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:16:38 PDT