Security Incidents mailing list archives

Re: syslogd exploit? (fwd)


From: peak () ARGO TROJA MFF CUNI CZ (Pavel Kankovsky)
Date: Wed, 22 Mar 2000 10:16:35 +0100


On Mon, 20 Mar 2000, Bill Cassady wrote:

> Why was amd trying to remount something? what?

Someone was feeding an exploit to amd. (There are known amd exploits out
there.)

Mar 16 17:13:49 osiris syslogd: Cannot glue message parts together
Mar 16 17:13:49 osiris 30>Mar 16 17:13:48 amd[136]: amq requested mount o=
f ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^=
P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P=
....
P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P=
^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^=
P^P^P^P^P^P^P^P^P^P^P^P^P
Mar 16 17:13:49 osiris p/h;/usr/sbin/inetd /tmp/h &#^PRr^??Rr^??Rr^??Rr^?=
                          ^^^^^^^^^^^^^^^^^^^^^^^^

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
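
The traits visible in the log quoted in this message (the syslogd "Cannot glue message parts together" error, a long run of one repeated control character in an amd mount request, and a shell command embedded in a message field) can be checked for mechanically. The following is an added example, not part of the original post: the patterns, the threshold of 16 repeats, the function names and the sample lines (shortened, constructed from the log above) are all assumptions.

```python
import re
from collections import defaultdict

# Control character in caret notation (^P, ^?, ...), as it appears in the log.
CTRL = r"\^[@-_?]"
# The same control character 16 or more times in a row: typical overflow padding.
PADDING_RUN = re.compile(r"(" + CTRL + r")\1{15,}")
# Shell metacharacter directly followed by a binary path: a command inside a field.
EMBEDDED_CMD = re.compile(r"[;|&`]\s*/(?:usr/)?s?bin/\S+")
# syslogd's complaint about an oversized, split message.
GLUE_ERROR = "Cannot glue message parts together"
# Classic syslog prefix: "Mar 16 17:13:49 osiris "
PREFIX = re.compile(r"^([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) ")

def indicators(line):
    """Return the set of indicator names that match a single log line."""
    hits = set()
    if PADDING_RUN.search(line):
        hits.add("padding_run")
    if EMBEDDED_CMD.search(line):
        hits.add("embedded_command")
    if GLUE_ERROR in line:
        hits.add("syslogd_glue_error")
    return hits

def correlate(lines, threshold=2):
    """Group indicators by (timestamp, host); keep groups with >= threshold kinds."""
    groups = defaultdict(set)
    key = None
    for line in lines:
        m = PREFIX.match(line)
        if m:
            key = (m.group(1), m.group(2))
        if key is not None:  # wrapped continuation lines inherit the last prefix
            groups[key] |= indicators(line)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= threshold}

# Constructed sample: shortened versions of the quoted lines plus one benign line.
SAMPLE = [
    "Mar 16 17:13:49 osiris syslogd: Cannot glue message parts together",
    "Mar 16 17:13:49 osiris 30>Mar 16 17:13:48 amd[136]: amq requested mount of "
    + "^P" * 40,
    "Mar 16 17:13:49 osiris p/h;/usr/sbin/inetd /tmp/h &#^PRr^?",
    "Mar 16 17:14:02 osiris login: ROOT LOGIN on tty1",
]

if __name__ == "__main__":
    for (ts, host), found in correlate(SAMPLE).items():
        print(f"{ts} {host}: {', '.join(found)}")
```

Any single indicator can occur in benign logs; the correlation step reports only a host and second where at least two kinds coincide, as all three do in the quoted log.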

