Dear Linuxers,
Recently when I checked the output of my /var/log/messages it showed me this.
Jul 19 00:11:44 blwbsrv rpc.statd[573]: gethostbyname error for ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n\220\220\220..............................
Can somebody tell me as to what is happening here and how do I protect my machines.
Thanks in advance.
Satish Linux Newbie
Sometime on Jul 21, Satish Dasi assembled some asciibets to say:
Please fix your line length.
Jul 19 00:11:44 blwbsrv rpc.statd[573]: gethostbyname error for ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x %8x%236x%n%137x%n%10x%n%192x%n\220\220\220....................
statd is a known security hole. Consider not using it, or getting a patched version. It is very likely that someone is trying a buffer overflow on statd. If your version was patched, then you have nothing to worry about (yet).
Stay up to date with all security fixes.
Philip
-
Philip S Tellis -
Satish Dasi