[SunRescue] FW: RE: http://www.cert.org/advisories/CA-2000-17.html and Solaris...

Jonathan Katz jon at jonworld.com
Mon Aug 21 15:37:10 CDT 2000


Poor, confused Mike wrote [ :^) ]

:> Also I have the following in my /var/adm/messages file for today:
:>
:> Aug 21 10:15:15 engsrv inetd[10827]: getpwnam: wait: No such user
:> Aug 21 10:15:15 engsrv inetd[331]: root: Hangup
:> Aug 21 10:15:15 engsrv inetd[10828]: getpwnam: wait: No such user
:> Aug 21 10:15:15 engsrv inetd[331]: root: Hangup
:> Aug 21 10:15:15 engsrv inetd[10829]: getpwnam: wait: No such user
:> Aug 21 10:15:15 engsrv inetd[331]: root: Hangup
:> Aug 21 10:15:15 engsrv inetd[331]: 100232/rpc/udp server failing
:> (looping), service terminate

Well... what's listed at port 100232 in your /etc/inetd.conf? My handy
2.6 box shows:

100232/10       tli     rpc/udp wait root /usr/sbin/sadmind     sadmind

Which is known to be exploitable. It's your remote Solaris admin stuff.
It should be turned off unless you're using Solstice Admin.

Does 'rpcinfo -p localhost' show anything neato?

Take care!

-Jon
-- 
Jonathan Katz
e-mail: jon at jonworld.com 
website: http://jonworld.com
proprietor: http://bachelor-cooking.com
Cell: 317-698-4023 * Pager: 800-759-8888 1770869 * FAX: 530-688-5347
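
The check the reply walks through (take the service inetd reports as looping, then look it up in /etc/inetd.conf), as an added shell example that is not part of the original message. The log and inetd.conf samples are constructed from the lines quoted above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Sample data is constructed from the lines quoted in the message.

# List inetd services that syslog reports as "server failing (looping)".
looping_services() {    # $1 = syslog file
    awk '/inetd\[[0-9]+\]: .* server failing/ {
        for (i = 2; i <= NF; i++) if ($i == "server") print $(i - 1)
    }' "$1" | sort -u
}

# Show whether an RPC program number has an active or commented-out inetd.conf entry.
inetd_entry_status() {  # $1 = RPC program number, $2 = inetd.conf file
    awk -v prog="$1" '{
        line = $0
        disabled = sub(/^[ \t]*#+[ \t]*/, "", line)  # 1 when the entry is commented out
        sub(/^[ \t]+/, "", line)
        n = split(line, f, /[ \t]+/)
        split(f[1], svc, "/")                        # "100232/10" -> program, version
        if (n >= 6 && svc[1] == prog)
            printf "%s %s %s\n", (disabled ? "disabled" : "ENABLED"), prog, f[6]
    }' "$2"
}

# Map every looping service in the log to its inetd.conf entry.
audit() {               # $1 = syslog file, $2 = inetd.conf file
    looping_services "$1" | while read -r svc; do
        inetd_entry_status "${svc%%/*}" "$2"
    done
}

# Constructed sample files so the example runs offline.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/messages" <<'EOF'
Aug 21 10:15:15 engsrv inetd[10829]: getpwnam: wait: No such user
Aug 21 10:15:15 engsrv inetd[331]: root: Hangup
Aug 21 10:15:15 engsrv inetd[331]: 100232/rpc/udp server failing (looping), service terminate
EOF
cat > "$tmp/inetd.conf" <<'EOF'
# constructed inetd.conf excerpt
telnet          stream  tcp     nowait root /usr/sbin/in.telnetd in.telnetd
100232/10       tli     rpc/udp wait root /usr/sbin/sadmind     sadmind
EOF
audit "$tmp/messages" "$tmp/inetd.conf"
```

On a live host, pass /var/adm/messages and /etc/inetd.conf to `audit` instead of the sample files; an `ENABLED` line means the entry is still active in inetd.conf.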
