[logs] cachefsd remote heap overflow

From: Tina Bird (tbird@precision-guesswork.com)
Date: Mon May 13 2002 - 13:38:34 PDT


    Hi all:
    
    CERT issued an advisory last week about a heap overflow in the Solaris
    cachefsd service.  It's at http://www.cert.org/advisories/CA-2002-11.html.
    They included the following log data:
    
    May 16 22:46:08 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Segmentation Fault - core dumped
    May 16 22:46:21 victim-host last message repeated 7 times
    May 16 22:46:22 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Bus Error - core dumped
    May 16 22:46:24 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Segmentation Fault - core dumped
    May 16 22:46:56 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Bus Error - core dumped
    May 16 22:46:59 victim-host last message repeated 1 time
    May 16 22:47:02 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Segmentation Fault - core dumped
    May 16 22:47:07 victim-host last message repeated 3 times
    May 16 22:47:09 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Hangup
    May 16 22:47:11 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Segmentation Fault - core dumped
    
    CERT also stated that it's received reports that this vulnerability is
    being exploited in the wild.
    
    Something to keep an eye out for, clearly.  I will be posting this
    signature to the Log Analysis page, in the "Signs of Problems" section.
    
    cheers -- tbird
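
Added example (not part of the original post or the CERT advisory): a small Python detector for the signature quoted above. It counts cachefsd crashes reported by inetd per host and expands syslog's "last message repeated N times" lines, which a plain grep for the crash text would miss. The threshold, window and year are assumptions; the sample lines are the advisory excerpt from the post, unwrapped.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log excerpt quoted in the post, with the mail line-wrapping undone.
SAMPLE = """\
May 16 22:46:08 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Segmentation Fault - core dumped
May 16 22:46:21 victim-host last message repeated 7 times
May 16 22:46:22 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Bus Error - core dumped
May 16 22:46:24 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Segmentation Fault - core dumped
May 16 22:46:56 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Bus Error - core dumped
May 16 22:46:59 victim-host last message repeated 1 time
May 16 22:47:02 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Segmentation Fault - core dumped
May 16 22:47:07 victim-host last message repeated 3 times
May 16 22:47:09 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Hangup
May 16 22:47:11 victim-host inetd[600]: /usr/lib/fs/cachefs/cachefsd: Segmentation Fault - core dumped
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) (.*)$")
CRASH = re.compile(r"inetd\[\d+\]: \S*/cachefsd: (Segmentation Fault|Bus Error)")
REPEAT = re.compile(r"last message repeated (\d+) times?")

def crash_events(text, year=2002):
    """Yield (host, time, count) per crash entry; syslog omits the year, so it is assumed."""
    prev_was_crash = {}  # host -> True if that host's previous message was a crash
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, host, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        rep = REPEAT.match(msg)
        if rep:  # a repeat line counts only if it repeats a crash message
            if prev_was_crash.get(host):
                yield host, when, int(rep.group(1))
            continue
        prev_was_crash[host] = bool(CRASH.match(msg))
        if prev_was_crash[host]:
            yield host, when, 1

def alerts(text, threshold=5, window=timedelta(seconds=60)):
    """Return {host: peak crashes in any window} for hosts at or above threshold."""
    per_host = defaultdict(list)
    for host, when, n in crash_events(text):
        per_host[host].append((when, n))
    peaks = {h: max(sum(n for t, n in evs if s <= t < s + window) for s, _ in evs)
             for h, evs in per_host.items()}
    return {h: p for h, p in peaks.items() if p >= threshold}
```

On the excerpt, only 6 lines contain the crash text, but the expanded count is 17 crashes, 16 of them inside a single 60-second window.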
    
    
    



    This archive was generated by hypermail 2b30 : Mon May 13 2002 - 13:45:48 PDT