Preface: rpc.statd with automountLogo -Internet Security Systems

rpc.statd with automount
advICE :Intrusions : 2001716
 FAQ
Oh my gosh, I'm being HACKED!!!
How do I report the hacker to my ISP?
I'm seeing lots of attacks, is this normal?
Summary

Intrusion.

Details

An attacker is using the statd service to execute an automount command on the local system. The automount command is "tunneled" through the statd service, and can be used to execute arbitrary commands on the attacked system.

 more information
CERT: CA-99-05-statd-automountd  
 
BugtraqID: 729   Multiple Vendor Automountd Vulnerability
Executes a buffer overflow against the rpc.automountd through the rpc.statd service.  
CVE-1999-0493   rpc.statd forwarding
rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.  
CIAC: J-045  
  
 
Version appeared: 1.8.5.5
Privacy Policy |  Copyright Info