possible attempt to exploit buffer overflow?

Posted on 2004-11-10
Last Modified: 2013-12-27
Nov  6 01:24:44 mail nscd[289]: [ID 461630 user.crit] gethostans: possible attempt to exploit buffer overflow while looking up

OS: Solaris 9

The above is the warning message I found in /var/adm/messages a few days back, and there is only one of them.

May I know exactly what this is? I was told that the malicious attempt (if there is one) could hang the system. Are there any patches or settings I can apply to prevent such an attempt from occurring?

The system is still running fine but prevention is better than cure.

Question by:shawnk

    Assisted Solution


    nscd is the Name Service Cache Daemon. It caches for name services such as NIS, DNS, LDAP...
    You can go to the URL to download the latest patch for nscd.

    The instruction to install is at the bottom of that page:
    # patchadd /var/spool/patch/104945-02



    Accepted Solution

    Please apply the Solaris Recommended Patch Clusters and add the following to the
    /etc/system file:

           * Disable the ability to execute code from the stack
           * This will actively prevent many buffer overflows
           set noexec_user_stack=1

           * This will report buffer overflows
           set noexec_user_stack_log=1

    You need to reboot the box after the change.
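
Added example, not part of the original answers: a shell script that checks whether both `/etc/system` settings above are active (not commented out with `*`) and counts `gethostans` warnings like the one quoted in the question. The function names are hypothetical, and `AWK` is an assumption: set it to `nawk` on Solaris, where the default `awk` lacks `-v` and `sub()`.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not a Solaris tool.
AWK=${AWK:-awk}   # assumption: use AWK=nawk on Solaris (needs -v, sub, gsub)

# Print the active value of "set <name>=<value>" in an /etc/system-style
# file, or "unset". Lines starting with "*" are comments; the last active
# assignment found is the one reported.
etc_system_value() {   # $1 = file, $2 = tunable name
    "$AWK" -v name="$2" '
        /^[ \t]*\*/ { next }
        $1 == "set" {
            line = $0
            sub(/^[ \t]*set[ \t]+/, "", line)
            gsub(/[ \t]/, "", line)        # lenient about spaces around "="
            n = index(line, "=")
            if (n > 0 && substr(line, 1, n - 1) == name)
                val = substr(line, n + 1)
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Succeed only if both settings from the answer are active and equal to 1.
noexec_stack_ok() {   # $1 = file
    [ "$(etc_system_value "$1" noexec_user_stack)" = "1" ] &&
    [ "$(etc_system_value "$1" noexec_user_stack_log)" = "1" ]
}

# Count nscd gethostans overflow warnings in a syslog-format file.
count_nscd_overflow_warnings() {   # $1 = log file
    "$AWK" '/nscd\[[0-9]+\]:/ && /gethostans: possible attempt to exploit buffer overflow/ { c++ }
        END { print c + 0 }' "$1"
}

# Stand-alone use: script.sh /etc/system /var/adm/messages
if [ "$#" -eq 2 ]; then
    if noexec_stack_ok "$1"; then
        echo "noexec_user_stack and noexec_user_stack_log are set to 1"
    else
        echo "noexec_user_stack:     $(etc_system_value "$1" noexec_user_stack)"
        echo "noexec_user_stack_log: $(etc_system_value "$1" noexec_user_stack_log)"
    fi
    echo "nscd gethostans warnings: $(count_nscd_overflow_warnings "$2")"
fi
```

This checks the file, not the running kernel; as the answer above says, the settings take effect only after a reboot.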

    Author Comment

    Hi guys,
    Thanks for the info.
    Would appreciate if the admin can give yuzh's answer as "accepted answer" as well.

    Author Comment

    Hi wesly,
    Oops, the patch link you gave me above is for Solaris 8 but I'm using Solaris 9.

    Would appreciate if you have the specific patch instead of the cluster patch... wouldn't want to risk having new problems if you know what I mean...

    I looked through the Sol 9 report but there isn't any nscd patch included in there. Maybe I'm just looking at the wrong keyword.

    Expert Comment


    There is no patch directly for nscd on Solaris 9. However, there is one which might be related.

      You can make a request to ask to split the points.


    Author Comment

    I guess I will start resolving this issue by making the setting in /etc/system like what Yuzh has suggested and see how it goes.

    The server is actually a mail server. Not sure why the nscd daemon (in my case its purpose is probably caching host lookups?) is causing this buffer overflow warning message.

    Anyway thanks guys.
