Brock Murch <[EMAIL PROTECTED]> wrote:
>I have been getting this error every so often in the syslog:
>
>Is this a nfs-common bug? or a syslogd bug?
>
>running:
>
>Linux brockwell 2.2.17 #2 Thu Sep 14 06:08:37 EDT 2000 i486 unknown
>
>all packages from the stable upgrade of that time.
>
>
>Jan 18 19:16:45 brockwell
>Jan 18 19:16:45 brockwell syslogd: Cannot glue message parts together
>Jan 18 19:16:45 brockwell 173>Jan 18 19:16:45 /sbin/rpc.statd[165]:
>gethostbyname error for ^X<F7><FF><BF>^X<F7><FF><BF>^Y<F7><FF>
[...]

It could be someone trying an NFS exploit against your system, though
potato systems shouldn't be vulnerable to it.

>f<CD>
>Jan 18 19:16:45 brockwell
><C7>^F/bin<C7>F^D/shA0<C0><88>F^G<89>v^L<8D>V^P<8D>N^L<89><F3><B0>^K<CD><80><B0>^A<CD><80><E8>^?<FF><FF>

This, in particular, looks very suspicious. Notice the /bin/sh.

Just in case, check for anything odd on your system, perhaps running
debsums after booting from a floppy if you're worried about it; as I
said, I don't believe you're vulnerable to this one, so instead see if
you can figure out from tcpdumps or whatever who's responsible and
report them to the relevant authorities.

-- 
Colin Watson [EMAIL PROTECTED]
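
A detection sketch for the log pattern discussed in this thread, added here as an example and not part of either poster's message: it flags rpc.statd "gethostbyname error" entries whose supposed hostname contains bytes outside the hostname alphabet, then joins the pieces syslogd split off to check for a shell path. The function name, the grouping rule and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Classic syslogd line: "Mon DD HH:MM:SS host body"; handled as bytes, not text.
HEADER = re.compile(rb"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) ?(.*)$", re.S)
STATD = re.compile(rb"rpc\.statd\[\d+\]: gethostbyname error for (.*)$", re.S)
TAGGED = re.compile(rb"^[\w./-]+(\[\d+\])?: ")   # "prog[pid]: " or "prog: "
NOT_HOSTNAME = re.compile(rb"[^A-Za-z0-9._-]")    # bytes outside the hostname alphabet

def scan(lines):
    """Flag rpc.statd lookups whose 'hostname' contains non-hostname bytes."""
    groups = defaultdict(list)                     # (timestamp, host) -> bodies
    for raw in lines:
        m = HEADER.match(raw.rstrip(b"\r\n"))
        if m:
            groups[(m.group(1), m.group(2))].append(m.group(3))
    findings = []
    for (stamp, host), bodies in groups.items():
        names = [s.group(1) for b in bodies if (s := STATD.search(b))]
        bad = sum(len(NOT_HOSTNAME.findall(n)) for n in names)
        if not bad:
            continue
        # Assumption: untagged bodies with the same timestamp are pieces of the
        # oversized message that syslogd split ("Cannot glue message parts").
        pieces = [b for b in bodies if not TAGGED.match(b) and not STATD.search(b)]
        payload = b"".join(names + pieces)
        findings.append({
            "time": stamp.decode("ascii"),
            "host": host.decode("ascii", "replace"),
            "non_hostname_bytes": bad,
            "shell_path": b"/bin" in payload and b"/sh" in payload,
            "split_message": any(b"Cannot glue message parts" in b for b in bodies),
        })
    return findings

# Constructed sample modelled on the quoted excerpt; filler bytes, not the payload.
SAMPLE = [
    b"Jan 18 19:10:02 brockwell /sbin/rpc.statd[165]: gethostbyname error for nfs1.example.org\n",
    b"Jan 18 19:16:45 brockwell\n",
    b"Jan 18 19:16:45 brockwell syslogd: Cannot glue message parts together\n",
    b"Jan 18 19:16:45 brockwell 173>Jan 18 19:16:45 /sbin/rpc.statd[165]: "
    b"gethostbyname error for \x18\xf7\xff\xbf\x18\xf7\xff\xbf\n",
    b"Jan 18 19:16:45 brockwell \x01\x02/bin\x03\x04/sh\x05\n",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The log is read as bytes because the interesting content is exactly what a text decoder would mangle or reject; on a real file, pass `open(path, "rb")` to `scan`.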