[logs] log data for RPC/XDR vulnerability

From: Tina Bird (tbird@precision-guesswork.com)
Date: Mon Mar 24 2003 - 17:24:06 PST

    Solaris systems attacked via the recent RPC/XDR integer overflow may
    record errors similar to the following:
    
    Mar  9 12:41:35 dummy rpcbind: xdrmem_getbytes: Incoming data too large,
    Mar  9 13:43:54 dummy rpcbind: rpcbind terminating on signal.
    Mar  9 13:44:59 dummy rpcbind: xdrmem_getbytes: Incoming data too large,
    Mar  9 13:45:32 dummy rpcbind: xdrmem_getbytes: Incoming data too large,
    
    The vulnerability is described at
    http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/51884 and
    http://www.cert.org/advisories/CA-2003-10.html
    
    cheers -- tbird
    
    -- 
    "I knew it! I knew it! Well, not in the sense of having the slightest
    idea, but I knew there was something I didn't know."
                                     -- Willow, from "Buffy the Vampire Slayer"
    
    http://www.shmoo.com/~tbird
    Log Analysis http://www.loganalysis.org
    VPN http://vpn.shmoo.com
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysisat_private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
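One way to hunt for the signature reported above, as an added example that is not part of the original post: it counts the `xdrmem_getbytes` errors per host and flags an rpcbind termination that follows one of them. The function name `scan`, the 90-minute correlation window, the `year` parameter (syslog timestamps carry none) and the host `quiet` are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Classic syslog layout: "Mon DD HH:MM:SS host rpcbind[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"rpcbind(?:\[\d+\])?: (?P<msg>.*)$"
)
OVERSIZE = "xdrmem_getbytes: Incoming data too large"   # message from the post
TERMINATED = "rpcbind terminating on signal"            # message from the post

def scan(lines, year=2003, window=timedelta(minutes=90)):
    """Per host: count both messages and flag a termination that follows
    an oversize error within `window` (the window is an assumption)."""
    events = defaultdict(lambda: {"oversize": [], "terminated": []})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind = ("oversize" if OVERSIZE in m["msg"]
                else "terminated" if TERMINATED in m["msg"] else None)
        if kind is None:
            continue
        stamp = " ".join(m["ts"].split())  # collapse the padded day field
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        events[m["host"]][kind].append(ts)
    report = {}
    for host, ev in events.items():
        crash = any(timedelta(0) <= t - o <= window
                    for t in ev["terminated"] for o in ev["oversize"])
        report[host] = {"oversize": len(ev["oversize"]),
                        "terminated": len(ev["terminated"]),
                        "crash_after_oversize": crash}
    return report

SAMPLE = [
    # The four lines quoted in the post
    "Mar  9 12:41:35 dummy rpcbind: xdrmem_getbytes: Incoming data too large,",
    "Mar  9 13:43:54 dummy rpcbind: rpcbind terminating on signal.",
    "Mar  9 13:44:59 dummy rpcbind: xdrmem_getbytes: Incoming data too large,",
    "Mar  9 13:45:32 dummy rpcbind: xdrmem_getbytes: Incoming data too large,",
    # Constructed lines: a termination with no preceding error, and noise
    "Mar  9 14:02:11 quiet rpcbind: rpcbind terminating on signal.",
    "Mar  9 14:05:00 quiet cron[411]: (root) CMD (/usr/lib/sa/sa1)",
]

if __name__ == "__main__":
    for host, result in scan(SAMPLE).items():
        print(host, result)
```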
    



    This archive was generated by hypermail 2b30 : Mon Mar 24 2003 - 17:30:32 PST