Security Incidents mailing list archives
Re: amd exploit(ed)?
From: Erich.Meier () INFORMATIK UNI-ERLANGEN DE (Erich Meier)
Date: Tue, 9 May 2000 12:07:36 +0200
On Sun, May 07, 2000 at 04:13:34PM +0000, Paulo Ribeiro wrote:
Hi, all. While I's checking the system, look what I've found: May 7 01:11:19 lab syslogd: Cannot glue message parts together May 7 01:11:19 lab 27>May 7 01:11:19 amd[1047]: amq requested mount of
[...]
~HF«~IF¸°^K~Ió~MN¬~MV¸Í~@1Û~IØ@Í~@èÊÿÿÿ/bin/sh -c ls;AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA May 7 01:11:19 lab AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA^Eõÿ¿^Eõÿ¿^Eõÿ¿^Eõÿ¿^Eõÿ¿, but code is disabled May 7 01:12:40 lab kernel: svc: unknown program 300019 (me 100021) Was it an attempt to exploit amd?
That's the signature of a well-known amd exploit (see securityfocus). If you're running an i386 Linux machine, congratulations, you've been hacked. Erich -- Erich Meier Erich.Meier () informatik uni-erlangen de http://www4.informatik.uni-erlangen.de/~meier/ "There has been much talk about component architectures but only one true success: Unix pipes." (R. Pike)
Current thread:
- Re: Lots netbios scans (udp 137) Ben Laws (May 01)
- Re: Lots netbios scans (udp 137) Greg A. Woods (May 03)
- Re: Lots netbios scans (udp 137) Bryan Andersen (May 03)
- odd message showing up logs... Josh Burroughs (May 04)
- Re: odd message showing up logs... Rick Redman (May 06)
- amd exploit(ed)? Paulo Ribeiro (May 07)
- Re: amd exploit(ed)? Mike Murray (May 08)
- Re: amd exploit(ed)? Erich Meier (May 09)
- Re: amd exploit(ed)? Jim Zajkowski (May 09)
- Re: odd message showing up logs... Robert Graham (May 07)
- Port 109 Scans Eric Maiwald (May 04)
- Re: Port 109 Scans Stone (May 06)
- Re: Lots netbios scans (udp 137) Erich Meier (May 04)
- Re: Lots netbios scans (udp 137) Greg A. Woods (May 04)
- Oversized packets Paulo Ribeiro (May 04)
- Re: Oversized packets Keith Owens (May 06)
- Re: Lots netbios scans (udp 137) Greg A. Woods (May 03)