Preface: rpc.statd overflowLogo -Internet Security Systems

rpc.statd overflow
advICE :Intrusions : 2001702
 FAQ
Oh my gosh, I'm being HACKED!!!
How do I report the hacker to my ISP?
I'm seeing lots of attacks, is this normal?
Summary

Intruder is attempting to exploit known vulnerabilities in the statd service.

Details

This signature triggers on a number of different conditions.

The first condition is when there is an obvious buffer overflow. In 1998, Solaris machines throughout the Internet where compromised by a buffer overflow vulnerability within statd.

The second condition is when a long name is seen with binary characters. In the second half of the year 2000, a format string vulnerability was found in popular distributions of Linux. Like the Solaris bug of two years earlier, numerous machines throughout the Internet were compromised by this exploit.

Defense

Examine the targetted system. Make sure the latest patches are installed. Be advised that statd should not be exposed to the Internet.

 more information
BugtraqID: 127   Multiple Vendor Statd Buffer Overflow Vulnerability
 
CERT: CA-97.26.statd  
 
AUSCERT: AA-97.29  
 
advICE: Buffer overflows  
More about this general class of attacks, which is the root cause of many attacks on the Internet.  
CVE-1999-0018   statd root compromise
 

 parametric information
lengthThe length field - this number is larger than expected, thus indicating a possible buffer overflow attempt.

 
Version appeared:
Privacy Policy |  Copyright Info