Marcel Welschbillig wrote:
> Hi,
>
> I'm getting these strange entries in my syslog file. Can anyone shed some
> light on what this means?
>
> Feb 21 14:03:35 jbeam
> Feb 21 14:03:35 jbeam syslogd: Cannot glue message parts together
> Feb 21 14:03:35 jbeam /sbin/rpc.statd[198]: gethostbyname error for
> ^X<F7><FF>
> <BF>^X<F7><FF><BF>^Y<F7><FF><BF>^Y<F7><FF><BF>^Z<F7><FF><BF>^Z<F7><FF><BF>^[<F7>
> <FF><BF>^[<F7><FF><BF>%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n\220 blah blah blah
> Thanks in advance!
>
> Marcel

Something along the lines of an old statd exploit. I believe this DSA [1] is the one that covers it, and also this CERT Advisory [2]. I would personally believe that the attack was unsuccessful, since it did write it to the log (rather than crash and give the attacker a shell), but the CERT advisory leads me to think otherwise. Check your version of nfs, 0.1.9.1-1 or better should be fixed.

[1] http://www.debian.org/security/2000/20000719a
[2] http://www.cert.org/advisories/CA-2000-17.html

Hope I have helped.

- Will Wesley, CCNA
"Furious activity is no substitute for understanding." -- H.H. Williams
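
As an added example (not part of the original thread), a small Python scanner for this log pattern: it rejoins the continuation lines that syslogd split and reports rpc.statd `gethostbyname` errors whose "host name" contains printf directives. The regexes and function names are assumptions of this sketch; the sample reuses the log lines quoted above plus one constructed benign line.

```python
import re

# printf directives (with or without a width). A real host name never
# contains them, so a match means the logged name was not a host name.
FMT = re.compile(r"%(?:\d+\$)?\d*(?:h|hh|l)?[xXdunsp]")
STATD = re.compile(r"rpc\.statd(?:\[\d+\])?: gethostbyname error for ?(.*)$")
# How raw bytes show up in the log: <F7>, ^X control notation, \220 octal.
NONPRINT = re.compile(r"<[0-9A-F]{2}>|\^[@-_]|\\\d{3}")
HEADER = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ ?")

def join_records(lines):
    """Merge lines without a syslog timestamp into the preceding record."""
    records = []
    for line in lines:
        line = line.rstrip("\n")
        if HEADER.match(line) or not records:
            records.append(line)
        else:
            records[-1] += line
    return records

def scan(lines):
    """Return one finding per rpc.statd error that carries format directives."""
    findings = []
    for rec in join_records(lines):
        m = STATD.search(rec)
        name = m.group(1) if m else ""
        directives = FMT.findall(name)
        if directives:
            findings.append({
                "record": rec,
                "directives": len(directives),
                "writes": sum(d.endswith("n") for d in directives),  # %n count
                "raw_bytes": len(NONPRINT.findall(name)),
            })
    return findings

# Lines 1-6 are the entries quoted in the thread; the last one is constructed.
SAMPLE = [
    "Feb 21 14:03:35 jbeam",
    "Feb 21 14:03:35 jbeam syslogd: Cannot glue message parts together",
    "Feb 21 14:03:35 jbeam /sbin/rpc.statd[198]: gethostbyname error for",
    "^X<F7><FF>",
    "<BF>^X<F7><FF><BF>^Y<F7><FF><BF>^Y<F7><FF><BF>^Z<F7><FF><BF>^Z<F7><FF><BF>^[<F7>",
    "<FF><BF>^[<F7><FF><BF>%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n\\220",
    "Feb 21 14:05:02 jbeam /sbin/rpc.statd[198]: gethostbyname error for nfsclient7",
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f["directives"], "directives,", f["writes"], "%n writes")
```

A hit only shows that a request with this shape reached statd; whether the installed package is a fixed version still has to be checked separately.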