Security Incidents mailing list archives
Re: amd exploit(ed)?
From: jim () JIMZ NET (Jim Zajkowski)
Date: Tue, 9 May 2000 10:57:47 -0400
On Sun, May 07, 2000 at 04:13:34PM +0000, Paulo Ribeiro wrote:
While I's checking the system, look what I've found:
May 7 01:11:19 lab syslogd: Cannot glue message parts together May 7 01:11:19 lab 27>May 7 01:11:19 amd[1047]: amq requested mount of ~HF«~IF¸°^K~Ió~MN¬~MV¸Í~@1Û~IØ@Í~@èÊÿÿÿ/bin/sh -c ls;AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA May 7 01:11:19 lab AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA^Eõÿ¿^Eõÿ¿^Eõÿ¿^Eõÿ¿^Eõÿ¿, but code is disabled May 7 01:12:40 lab kernel: svc: unknown program 300019 (me 100021)
Was it an attempt to exploit amd?
Yes. There was (around August, 1999) a buffer exploit against some versions of Linux amd. The Debian page is at http://www.debian.org/security/1999/19991018a and redhat: http://www.redhat.com/support/errata/RHSA1999032_O1.html --Jim -- Jim Zajkowski System Administrator ITD Contract Services
Current thread:
- Re: Lots netbios scans (udp 137) Ben Laws (May 01)
- Re: Lots netbios scans (udp 137) Greg A. Woods (May 03)
- Re: Lots netbios scans (udp 137) Bryan Andersen (May 03)
- odd message showing up logs... Josh Burroughs (May 04)
- Re: odd message showing up logs... Rick Redman (May 06)
- amd exploit(ed)? Paulo Ribeiro (May 07)
- Re: amd exploit(ed)? Mike Murray (May 08)
- Re: amd exploit(ed)? Erich Meier (May 09)
- Re: amd exploit(ed)? Jim Zajkowski (May 09)
- Re: odd message showing up logs... Robert Graham (May 07)
- Port 109 Scans Eric Maiwald (May 04)
- Re: Port 109 Scans Stone (May 06)
- Re: Lots netbios scans (udp 137) Erich Meier (May 04)
- Re: Lots netbios scans (udp 137) Greg A. Woods (May 04)
- Oversized packets Paulo Ribeiro (May 04)
- Re: Oversized packets Keith Owens (May 06)
- Re: Lots netbios scans (udp 137) Greg A. Woods (May 03)