[SunRescue] FW: RE: http://www.cert.org/advisories/CA-2000-17.html and Solaris...

MikeHebeldruaga at pmail.net MikeHebeldruaga at pmail.net
Mon Aug 21 14:26:00 CDT 2000


Help!

I sent the letter below to Cert but got only an automated response.

Does anyone know the answers to these two questions?

Mike Hebel


>  -----Original Message-----
> From: 	Hebel, Mike  
> Sent:	Monday, August 21, 2000 13:50
> To:	'cert at cert.org'
> Subject:	RE: http://www.cert.org/advisories/CA-2000-17.html and
> Solaris...
> 
> Dear CERT,
> 
> I notice that Solaris is not listed in the vendor specific vulnerability
> list for this vulnerability - does this mean that Solaris 2.x is not
> vulnerable to this attack?
> 
> Also I have the following in my /var/adm/messages file for today:
> 
> Aug 21 10:15:15 engsrv inetd[10827]: getpwnam: wait: No such user
> Aug 21 10:15:15 engsrv inetd[331]: root: Hangup
> Aug 21 10:15:15 engsrv inetd[10828]: getpwnam: wait: No such user
> Aug 21 10:15:15 engsrv inetd[331]: root: Hangup
> Aug 21 10:15:15 engsrv inetd[10829]: getpwnam: wait: No such user
> Aug 21 10:15:15 engsrv inetd[331]: root: Hangup
> Aug 21 10:15:15 engsrv inetd[331]: 100232/rpc/udp server failing
> (looping), service terminate
> 
> This runs from 10:15:00 to 10:15:15 am where it fails with the above
> message. 
> 
> I'm new to Solaris admin but a 10 year I/T vet - my gut feel is that this
> is a port scan for root on an open port but I don't know for sure which
> is why I'm asking you.
> 
> Any information you would be able to give me would be helpful.
> 
> Thanks in advance!
> 
> Sincerely,
> 
> Mike Hebel
> I/T Administrator
> Methode Electronics - Network Bus Products
> Phone:(847)577-9545 xt 27
> Fax:(847)577-9689





More information about the rescue mailing list