Security Incidents: Port 524: compromised machine with ndsd

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Port 524: compromised machine with ndsd

From: Jens Hektor <hektor () RZ RWTH-AACHEN DE>
Date: Fri, 27 Oct 2000 22:57:20 +0100

Hi,

I have just discovered a compromised machine
(Redhat 6.2) with port 524 open, running on
that service "ndsd - Novell Directory Service
(NDS) daemon".

The machine was scanning our site for port
telnet and is itself rootshelled on some other
port.

Admins have been notified.

So maybe there is a vulnerability in ndsd, I think
I must have missed something in the last
security announcements. But could be the standard
wu-ftpd or rpc.statd compromise also.

Bye, Jens Hektor

By Date By Thread

Current thread:

Re: Port 524: compromised machine with ndsd Jens Hektor (Nov 01)
- <Possible follow-ups>
- Port 524: compromised machine with ndsd Jens Hektor (Nov 01)
- Re: Port 524: compromised machine with ndsd Jens Hektor (Nov 02)