Security Incidents mailing list archives

Re: /tmp/bob on compromised system


From: "Jeffrey F. Lawhorn" <jeffl () wanet net>
Date: Wed, 26 Jul 2000 14:33:02 -0700


In message <20000726122251.1874.qmail () securityfocus com>, Fredrik Ostergren said:

Well, all the stuff about rpc.statd is bullshit. First of
all, rpc.statd isn't vulnerable in SunOS 5.7. The attacker
was exploiting rpc.cmsd. 100% sure. Contact me for more
info at: fredrik.ostergren () freebox com.


um... do a quick search at http://packetstorm.securify.com/ for rpc.statd.
There is a version there that claims to work on Solaris 2.5.1 through 2.7, both x86 & SPARC.

jeffl

--
Jeffrey F. Lawhorn                       |Internet Security Consulting
Software Design Associates, Inc.         |IDS Monitoring/Reporting
jeffl () wanet net       619-679-5900 voice |Expunge Intruders
http://www.wanet.net/ 619-679-2327 fax   |
Finger jeffl () wanet net for PGP Public Key.

Insist on Quality! WANet.Net is an ISP/C Member - http://www.ispc.org/


Attachment: _bin
Description:

