[SunRescue] FW: RE: http://www.cert.org/advisories/CA-2000-17.htmland Solaris...

MikeHebeldruaga at pmail.net MikeHebeldruaga at pmail.net
Mon Aug 21 15:27:03 CDT 2000 

Thanks for the help and sorry for the mistake if I made it!  Either I missed
it or it didn't say Solaris this morning when I first looked at it.

Either way we're behind a corporate firewall and when I asked they said that
they had no log of any activity towards our server's IP address.  Either way
I still need to find out why I got the other messages in the log.:

> Also I have the following in my /var/adm/messages file for today:
>
> Aug 21 10:15:15 engsrv inetd[10827]: getpwnam: wait: No such user
> Aug 21 10:15:15 engsrv inetd[331]: root: Hangup
> Aug 21 10:15:15 engsrv inetd[10828]: getpwnam: wait: No such user
> Aug 21 10:15:15 engsrv inetd[331]: root: Hangup
> Aug 21 10:15:15 engsrv inetd[10829]: getpwnam: wait: No such user
> Aug 21 10:15:15 engsrv inetd[331]: root: Hangup
> Aug 21 10:15:15 engsrv inetd[331]: 100232/rpc/udp server failing
> (looping), service terminate

Any ideas?

Mike Hebel

-----Original Message-----
From: rescue-admin at sunhelp.org [mailto:rescue-admin at sunhelp.org]On
Behalf Of Jonathan Katz
Sent: Monday, August 21, 2000 2:57 PM
To: Rescue at Sunhelp. Org
Subject: Re: [SunRescue] FW: RE:
http://www.cert.org/advisories/CA-2000-17.htmland Solaris...


Hey there!

In the CERT release it flat out says:

>> Sun Microsystems, Inc.
>>
>> Our rpc.statd is not vulnerable to this buffer overflow.

If you read the release you'd see in the 'Overview':

>> "... This program is included, and often installed by default, in
>> several popular Linux distributions."

This advisory is for Linux's rpc.statd and no-one else's. However, in the
past there have been lots of exploits for many different people's
rpc.statd. You should always run the latest patches regardless... and if
your box is out on the 'net (like my poor corinne is) turn off as much
as you can. I have inetd running solely for launching tcp-wrappers around
qmail and in.telnetd.

Take care.

-Jon
--
Jonathan Katz
e-mail: jon at jonworld.com
website: http://jonworld.com
proprietor: http://bachelor-cooking.com
Cell: 317-698-4023 * Pager: 800-759-8888 1770869 * FAX: 530-688-5347

_______________________________________________
Rescue maillist  -  Rescue at sunhelp.org
http://www.sunhelp.org/mailman/listinfo/rescue

More information about the rescue mailing list