On Tue, Jan 09, 2001 at 12:31:59PM -0800, [EMAIL PROTECTED] wrote:
> I got the following (alarming) messages on syslog:
>
> Jan 8 13:34:23 yuban syslogd: Cannot glue message parts together Jan
> 8 13:34:23 yuban /sbin/rpc.statd[159]: gethostbyname error for
>
>^X\xf7\xff\xbf^X\xf7\xff\xbf^Y\xf7\xff\xbf^Y\xf7\xff\xbf^Z\xf7\xff\xbf^Z\xf7\xff\xbf^[\xf7\xff\xbf^[\xf7\xff\xbf%8x%8x%8x%8x%8x%8x%8x%8x%8
> x%236x%n%137x%n%10x%n%192x%n\220
> it looks like an attack (specially when I see /bin/sh hidden in
> there). I searched the lists and it seems that this problem should
> have been corrected before potato was released. Any reason for
> worries, or is there any reason why I should think it was an
> unsuccessful attack?
If it had been a successful attack, the %x and %n's in the above would
not have come through to syslog; it would have crashed well beforehand.
Dan
/--------------------------------\ /--------------------------------\
| Daniel Jacobowitz |__| SCS Class of 2002 |
| Debian GNU/Linux Developer __ Carnegie Mellon University |
| [EMAIL PROTECTED] | | [EMAIL PROTECTED] |
\--------------------------------/ \--------------------------------/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
