On Wednesday 05 December 2001 20:26, you wrote: > I would imagine that the rpc.statd attack focused on overflowing a > buffer *before* the call to gethostname. All the bug patch needed to do The above log shows unsuccessful (%x wasn't expanded) rpc.statd exploitation attempt. Attacker tried to exploit format string vulnerability (not a buffer overflow!) present in rpc.statd derived with some Linux distributions (eg. RH 6.2). See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0666 -- * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE * * Inet: przemyslawat_private ** PGP: D48684904685DF43EA93AFA13BE170BF *
This archive was generated by hypermail 2b30 : Wed Dec 05 2001 - 14:05:00 PST