Subject: Re: Code-red worm (snicker snicker...)
To: Michael Kukat <michael@unixiron.org>
From: Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>
List: netbsd-users
Date: 08/02/2001 20:51:33

On Thu, 2 Aug 2001, Michael Kukat wrote:
> Depends on the nature of the overflow, how it handles it. Maybe some only can
> run binary code, as bytes of the running binary are replaced, and others might
> be able to execute a completely new program, like one of those shell scripts.
> Remember this statd (or was it lockd)-bug in Linux? I have seen it from the
> inside, as I got such a hacked disk into my hands to analyze it. This was exactly
> the thing I mentioned, a little bunch of shell commands, opening a root shell
> on some port >1024.

The question then is how that script got there in the first place.

And yes, I still see these rstatd-probes regularly on the console of my
NetBSD systems.


 - Hubert

-- 
Want to get a clue on IPv6 but don't know where to start? Try this:
* Basics -> http://www.onlamp.com/pub/a/onlamp/2001/05/24/ipv6_tutorial.html
* Setup  -> http://www.onlamp.com/pub/a/onlamp/2001/06/01/ipv6_tutorial.html 
Of course with your #1 IPv6 ready operating system -> http://www.NetBSD.org/