Internet Security Systems

rpc.statd Format Attack

advICE : Intrusions : 2001737

Summary

Probably an attack against the rpc.yppasswd buffer overflow vulnerability.

Details

This service allows users to change their network passwords in a YP (Yellow Pages) environment. A remote buffer overflow vulnerability exists in it, and exploit scripts for it are in active use in the wild. Since this service must run with root/superuser privileges, a successful exploit gives the intruder full control over the machine.

Action

This service is only needed for backwards compatibility. It should be disabled in most networks. If you must run this service on your servers, then obtain the latest patch.

Systems Affected


Sun Solaris 8.0
Sun Solaris 7.0 (2.7)
Sun Solaris 2.6

Trigger

This event triggers when any of the input strings to the UPDATE procedure exceeds 64 characters.
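The length check described above, as an added example (not Internet Security Systems' detection code): it decodes the XDR-encoded arguments of a yppasswd UPDATE call and reports the field, length and data of every string over 64 bytes. The field order is taken from the public `yppasswd.x` protocol definition, which is an assumption since the page does not list it; the function names and sample requests are constructed for illustration.

```python
import struct

LIMIT = 64  # threshold from the Trigger section

# Argument layout of the yppasswd UPDATE call per the public yppasswd.x
# definition (assumption: the page does not list the fields).
# None marks a 4-byte XDR int (pw_uid, pw_gid) that is skipped.
FIELDS = ["oldpass", "pw_name", "pw_passwd", None, None,
          "pw_gecos", "pw_dir", "pw_shell"]

def xdr_string(buf, off):
    """Decode one XDR string at off; return (bytes, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length word")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if n > len(buf) - off:
        raise ValueError("declared length exceeds remaining data")
    return buf[off:off + n], off + n + (-n % 4)  # skip pad to 4-byte boundary

def check_update_args(args, limit=LIMIT):
    """Return one {field, length, data} event per string longer than limit."""
    events, off = [], 0
    for name in FIELDS:
        if name is None:
            off += 4
            continue
        value, off = xdr_string(args, off)
        if len(value) > limit:
            events.append({"field": name, "length": len(value),
                           "data": value[:16].decode("latin-1")})
    return events

def pack_string(s):
    """XDR-encode a string (helper for building the constructed samples)."""
    return struct.pack(">I", len(s)) + s + b"\0" * (-len(s) % 4)

def build_args(oldpass, name, passwd, uid, gid, gecos, home, shell):
    """Build UPDATE arguments in the assumed field order."""
    return (pack_string(oldpass) + pack_string(name) + pack_string(passwd)
            + struct.pack(">ii", uid, gid)
            + pack_string(gecos) + pack_string(home) + pack_string(shell))

# Constructed samples: a normal request and one with a 200-byte pw_name.
NORMAL = build_args(b"old", b"alice", b"x", 1001, 100, b"Alice", b"/home/alice", b"/bin/sh")
OVERLONG = build_args(b"old", b"A" * 200, b"x", 1001, 100, b"Alice", b"/home/alice", b"/bin/sh")

if __name__ == "__main__":
    print(check_update_args(NORMAL))
    print(check_update_args(OVERLONG))
```

A declared string length larger than the remaining data raises `ValueError` instead of being trusted, so a malformed request cannot make the check read past the buffer.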

More information

BugtraqID: 1480 - Multiple Linux Vendor rpc.statd Remote Format String Vulnerability
CVE-2000-0666
rpc.statd: More information about this RPC service.

Parametric information

length: The length of the input into the field.
data: Some of the data sent as input to the field.
field: The name of the field.

 
Version appeared: 3.0 
