Security Incidents mailing list archives

Re: amd exploit(ed)?

From: jim () JIMZ NET (Jim Zajkowski)
Date: Tue, 9 May 2000 10:57:47 -0400


On Sun, May 07, 2000 at 04:13:34PM +0000, Paulo Ribeiro wrote:

While I's checking the system, look what I've found:

May  7 01:11:19 lab syslogd: Cannot glue message parts together
May  7 01:11:19 lab 27>May  7 01:11:19 amd[1047]: amq requested mount of
~HF«~IF¸°^K~Ió~MN¬~MV¸Í~@1Û~IØ@Í~@èÊÿÿÿ/bin/sh -c
ls;AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
May  7 01:11:19 lab
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA^Eõÿ¿^Eõÿ¿^Eõÿ¿^Eõÿ¿^Eõÿ¿,
but code is disabled
May  7 01:12:40 lab kernel: svc: unknown program 300019 (me 100021)

Was it an attempt to exploit amd?


Yes.  There was (around August, 1999) a buffer exploit against some
versions of Linux amd.  The Debian page is at
  http://www.debian.org/security/1999/19991018a
and redhat:
  http://www.redhat.com/support/errata/RHSA1999032_O1.html

--Jim

--
Jim Zajkowski
System Administrator
ITD Contract Services

Current thread:

Re: Lots netbios scans (udp 137) Ben Laws (May 01)
- Re: Lots netbios scans (udp 137) Greg A. Woods (May 03)
  - Re: Lots netbios scans (udp 137) Bryan Andersen (May 03)
  - odd message showing up logs... Josh Burroughs (May 04)
    - Re: odd message showing up logs... Rick Redman (May 06)
    - amd exploit(ed)? Paulo Ribeiro (May 07)
    - Re: amd exploit(ed)? Mike Murray (May 08)
    - Re: amd exploit(ed)? Erich Meier (May 09)
    - Re: amd exploit(ed)? Jim Zajkowski (May 09)
    - Re: odd message showing up logs... Robert Graham (May 07)
  - Port 109 Scans Eric Maiwald (May 04)
    - Re: Port 109 Scans Stone (May 06)
  - Re: Lots netbios scans (udp 137) Erich Meier (May 04)
    - Re: Lots netbios scans (udp 137) Greg A. Woods (May 04)
  - Oversized packets Paulo Ribeiro (May 04)
    - Re: Oversized packets Keith Owens (May 06)