Re: rpc.statd

From: Jose Nazario (joseat_private)
Date: Mon Oct 01 2001 - 09:30:07 PDT

  • Next message: Michael Clark: "Scan of the Month - October"

    On Mon, 1 Oct 2001 nikoat_private wrote:
    
    >   Anyone know which exploit the following signature is associated with?
    
    > Sep 30 05:35:10 rpc.statd[470]: gethostbyname error for
    > ^X^?^X^?^Y^?^Y^?^Z^?^Z^?^[^?^[^?%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x
    > %n%137x%n%10x%n%192x%n\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
    
    [snip]
    
    http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=rpc.statd
    
    looks like CVE-2000-0666 (the evil CVE entry for the year? hahaha)
    
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0666
    
    get familiar with the CVE, its a great resource.
    
    ____________________________
    jose nazario						     joseat_private
    	      	     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
    				       PGP key ID 0xFD37F4E5 (pgp.mit.edu)
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Mon Oct 01 2001 - 11:44:24 PDT