On Mon, Jul 02, 2001 at 09:51:44PM +0200, [EMAIL PROTECTED] wrote:
> On Mon, 2 Jul 2001, Guest section DW wrote:
>
> > On Mon, Jul 02, 2001 at 05:16:23PM +0100, Alan Cox wrote:
> >
> > > > I'm running RedHat 7.0 with all official RH patches applied. The kernel I
> > > > currently run for a few days is 2.2.19-7.0.8
> > > > I run the pre-compiled kernel of RH. Suddenly I got the following messages:
> > > >
> > > > Jul 2 15:12:16 gateway SERVER[1240]: Dispatch_input: bad request line
> > > > 'BBXXXXXXXXXXXXXXXXXX%.176u%3
> > > > >00$nsecurity.%301$n%302$n%.192u%303$n\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\22
> > >
> > > These are for an application. Not sure which or why
> >
> > See CERT Advisory CA-2000-22
> > http://www.infowar.com/iwftp/cert/advisories/CA-2000-22.html
> >
> > "A popular replacement software package to the BSD lpd printing service
> > called LPRng contains at least one software defect, known as a "format string
> > vulnerability," which may allow remote users to execute arbitrary code on
> > vulnerable systems."
>
> I just read the article. It seems somebody tried to exploit a bug in
> LPRng. Unfortunately I didn't check the TCP/IP connections at the time of
> attack (with netstat), so I couldn't tell who was connected to port 515.
> The article suggests upgrading to 3.6.25. I'm currently running 3.7.4-23.
> I assume I'm not vulnerable, but those 'errors' in the logfile really
> scared the heck out of me! :) To be certain, I just blocked port 515 for
> outbound connections. :)
>
> By the way, sorry this message was off-topic, but I didn't know it was a
> LPRng issue, not a kernel issue.

A good idea is to block all ports, then open only those you know need
to be open. Paranoia is good.

/David
  _                                                                 _
 // David Weinehall <[EMAIL PROTECTED]> /> Northern lights wander      \\
//  Project MCA Linux hacker        //  Dance across the winter sky //
\>  http://www.acc.umu.se/~tao/    </   Full colour fire           </
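
Added example, not part of the original thread or of LPRng: a small log triage check for the kind of "bad request line" entry quoted above, flagging printf write directives (`%n`, `%301$n`), unusually wide numeric padding (`%.176u`) and long runs of octal-escaped bytes. The function names, the `PAD_THRESHOLD` value and the benign lines are assumptions made for illustration; the first sample is the log line from the thread with its two wrapped fragments concatenated as they appear.

```python
import re

# printf conversions that write through a pointer (%n, %hn, %301$n): the
# primitive a format string exploit needs, and rare in legitimate requests.
WRITE_DIRECTIVE = re.compile(r"%(?:\d+\$)?(?:hh|h|ll|l)?n")
# Numeric conversions with a width/precision, e.g. %.176u, used as padding.
PADDED_NUMERIC = re.compile(r"%(?:\d+\$)?[-+ #0]*(\d*)(?:\.(\d+))?[diouxX]")
# syslog prints non-printable bytes as octal escapes (\220 is byte 0x90).
OCTAL_RUN = re.compile(r"(?:\\[0-3][0-7]{2}){8,}")

PAD_THRESHOLD = 64  # assumed cut-off for "unusually wide" padding

# Log line quoted in the thread (mail-wrapped fragments joined as shown there).
PAGE_LINE = (
    r"Jul 2 15:12:16 gateway SERVER[1240]: Dispatch_input: bad request line "
    r"'BBXXXXXXXXXXXXXXXXXX%.176u%3"
    r">00$nsecurity.%301$n%302$n%.192u%303$n" + r"\220" * 19 + r"\22"
)
# Constructed benign lines: one contains "%n" by accident, one has no "%".
BENIGN_LINES = [
    "Jul 2 15:14:02 gateway SERVER[1240]: bad request line 'status 100%normal'",
    "Jul 2 15:15:40 gateway SERVER[1240]: job 'report.ps' queued for lp0",
]


def indicators(line):
    """Return the names of the format-string indicators found in a log line."""
    found = []
    if WRITE_DIRECTIVE.search(line):
        found.append("write_directive")
    for width, precision in PADDED_NUMERIC.findall(line):
        if max(int(width or 0), int(precision or 0)) >= PAD_THRESHOLD:
            found.append("wide_padding")
            break
    if OCTAL_RUN.search(line):
        found.append("octal_escape_run")
    return found


def is_suspicious(line):
    """Require a write directive plus one more indicator to limit false hits."""
    found = indicators(line)
    return "write_directive" in found and len(found) >= 2


if __name__ == "__main__":
    for entry in [PAGE_LINE] + BENIGN_LINES:
        print(is_suspicious(entry), indicators(entry), entry[:60])
```

A hit only says that someone sent such a request; whether the daemon was vulnerable still depends on the installed LPRng version, as discussed in the thread.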