Security Incidents mailing list archives
A Note On the rpc.statd exploit.
From: Max0r <max0r () SERVER5 CREATIVE-WEBS COM>
Date: Fri, 18 Aug 2000 05:10:48 -0600
Yes, there is a vulnerability in the rpc.statd server. Although, from looking at the only public exploit I could find, (packetstorm). It requires the attacker to manually specify the return address to manupulate the padding/offset, of the attack. While people with minimal knowledge will be able to find out the address for common OS/Architectures, 99% of script kiddies will just get confused and give up. I am sure there are private exploits out there that have predefined SP/Ret addrs, which will facilitate easy compromise of vulnerable systems, but most of the attacks you'll see will be blind attempts by cluebie kids. But this is no excuse for you not to patch your systems. -Max
Current thread:
- A Note On the rpc.statd exploit. Max0r (Aug 18)