[SunRescue] FW: RE: http://www.cert.org/advisories/CA-2000-17.html and Solaris...
MikeHebeldruaga at pmail.net
MikeHebeldruaga at pmail.net
Mon Aug 21 14:26:00 CDT 2000
Help!
I sent the letter below to Cert but got only an automated response.
Does anyone know the answers to these two questions?
Mike Hebel
> -----Original Message-----
> From: Hebel, Mike
> Sent: Monday, August 21, 2000 13:50
> To: 'cert at cert.org'
> Subject: RE: http://www.cert.org/advisories/CA-2000-17.html and
> Solaris...
>
> Dear CERT,
>
> I notice that Solaris is not listed in the vendor specific vulnerability
> list for this vulnerability - does this mean that Solaris 2.x is not
> vulnerable to this attack?
>
> Also I have the following in my /var/adm/messages file for today:
>
> Aug 21 10:15:15 engsrv inetd[10827]: getpwnam: wait: No such user
> Aug 21 10:15:15 engsrv inetd[331]: root: Hangup
> Aug 21 10:15:15 engsrv inetd[10828]: getpwnam: wait: No such user
> Aug 21 10:15:15 engsrv inetd[331]: root: Hangup
> Aug 21 10:15:15 engsrv inetd[10829]: getpwnam: wait: No such user
> Aug 21 10:15:15 engsrv inetd[331]: root: Hangup
> Aug 21 10:15:15 engsrv inetd[331]: 100232/rpc/udp server failing
> (looping), service terminate
>
> This runs from 10:15:00 to 10:15:15 am where it fails with the above
> message.
>
> I'm new to Solaris admin but a 10 year I/T vet - my gut feel is that this
> is a port scan for root on an open port but I don't know for sure which
> is why I'm asking you.
>
> Any information you would be able to give me would be helpful.
>
> Thanks in advance!
>
> Sincerely,
>
> Mike Hebel
> I/T Administrator
> Methode Electronics - Network Bus Products
> Phone:(847)577-9545 xt 27
> Fax:(847)577-9689
More information about the rescue
mailing list