Security Incidents mailing list archives
Re: /tmp/bob on compromised system
From: "Jeffrey F. Lawhorn" <jeffl () wanet net>
Date: Wed, 26 Jul 2000 14:33:02 -0700
In message <20000726122251.1874.qmail () securityfocus com>, Fredrik Ostergren said:
Well, all the stuff about rpc.statd is bullshit. First of all, rpc.statd isn't vulnerable in SunOS 5.7. The attacker was exploiting rpc.cmsd. 100% sure. Contact me for more info at: fredrik.ostergren () freebox com.
um... do a quick search at http://packetstorm.securify.com/ for rpc.statd. There is a version there that claims to work on Solaris 2.5.1 through 2.7, both x86 & SPARC.

jeffl
--
Jeffrey F. Lawhorn |Internet Security Consulting
Software Design Associates, Inc. |IDS Monitoring/Reporting
jeffl () wanet net 619-679-5900 voice |Expunge Intruders
http://www.wanet.net/ 619-679-2327 fax |
Finger jeffl () wanet net for PGP Public Key.
Insist on Quality!
WANet.Net is an ISP/C Member - http://www.ispc.org/
Current thread:
- /tmp/bob on compromised system Russell Fulton (Jul 24)
- Re: /tmp/bob on compromised system Jeffrey F. Lawhorn (Jul 25)
- Protect rpc.statd by tcp wrapper? (was Re: /tmp/bob on compromised system Ralf G. R. Bergs (Jul 27)
- Re: /tmp/bob on compromised system Joseph Pingenot (Jul 25)
- Re: /tmp/bob on compromised system Fredrik Ostergren (Jul 26)
- Re: /tmp/bob on compromised system Jeffrey F. Lawhorn (Jul 27)
- <Possible follow-ups>
- Re: /tmp/bob on compromised system Matt Merhar (Jul 25)
- Re: /tmp/bob on compromised system Security (Jul 26)
- Re: /tmp/bob on compromised system Adam Pendleton (Jul 25)
- Re: /tmp/bob on compromised system Rob McCauley (Jul 26)
- Re: /tmp/bob on compromised system Granquist, Lamont (Jul 27)
- Re: /tmp/bob on compromised system Russell Fulton (Jul 28)
- Re: /tmp/bob on compromised system Rob McCauley (Jul 26)
- Re: /tmp/bob on compromised system Jeffrey F. Lawhorn (Jul 25)
- Re: /tmp/bob on compromised system Jens Oeser (Jul 25)
- Re: /tmp/bob on compromised system Lynch Sean (Jul 26)