possible attempt to exploit buffer overflow?

Nov  6 01:24:44 mail nscd[289]: [ID 461630 user.crit] gethostans: possible attempt to exploit buffer overflow while looking up linux.somesite.com.my

OS: Solaris 9

The above is the warning message I found in /var/adm/messages a few days back. And there's only one of them.

May I know exactly what this is? I was told that the malicious attempt (if there is one) could hang the system. Are there any patches or settings I can apply to prevent such an attempt from occurring?

The system is still running fine but prevention is better than cure.

nscd is the Name Service Cache Daemon. It caches for name services such as NIS, DNS, LDAP...
You can go to the URL to download the latest patch for nscd.

The installation instructions are at the bottom of that page:
# patchadd /var/spool/patch/104945-02


Please apply the Solaris Recommended Patch Clusters and add the following to the /etc/system file:

       * Disable the ability to execute code from the stack
       * This will actively prevent many buffer overflows
       set noexec_user_stack=1

       * This will report buffer overflows
       set noexec_user_stack_log=1

You need to reboot the box after the change.
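A way to check both things discussed above, as an added example that is not part of the original thread: whether the two /etc/system settings are present, and how often the nscd warning appears per looked-up name. The function names, the `AWK` variable and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Checks the /etc/system stack settings
# and counts the nscd gethostans warning in a messages log.
AWK=${AWK:-awk}   # assumption: on Solaris point this at nawk or /usr/xpg4/bin/awk

# Print the value of an /etc/system tunable, or "unset".
# Lines starting with '*' are comments; this script reports the last "set" line.
system_tunable() {   # usage: system_tunable NAME FILE
    "$AWK" -v name="$1" '
        /^[ \t]*\*/ { next }
        $1 == "set" {
            line = $0
            sub(/^[ \t]*set[ \t]+/, "", line)
            gsub(/[ \t]/, "", line)
            n = split(line, kv, "=")
            if (n == 2 && kv[1] == name) val = kv[2]
        }
        END { print (val == "" ? "unset" : val) }
    ' "$2"
}

# Count nscd overflow warnings per looked-up name, output as "count name".
nscd_overflow_hosts() {   # usage: nscd_overflow_hosts MESSAGES_FILE
    "$AWK" '
        /nscd\[[0-9]+\]:/ && /gethostans: possible attempt to exploit buffer overflow/ {
            count[$NF]++
        }
        END { for (h in count) print count[h], h }
    ' "$1" | sort -rn
}

# Demo on constructed sample files (not real system data).
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '* Disable the ability to execute code from the stack' \
        'set noexec_user_stack=1' > "$tmp/system"
    printf '%s\n' \
        'Nov  6 01:24:44 mail nscd[289]: [ID 461630 user.crit] gethostans: possible attempt to exploit buffer overflow while looking up linux.somesite.com.my' \
        'Nov  6 01:25:02 mail sendmail[301]: constructed unrelated line' \
        > "$tmp/messages"
    for t in noexec_user_stack noexec_user_stack_log; do
        echo "$t = $(system_tunable "$t" "$tmp/system")"
    done
    nscd_overflow_hosts "$tmp/messages"
    rm -rf "$tmp"
}
demo
```

On a real host, call the two functions with /etc/system and /var/adm/messages instead of the demo files.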

shawnk (Author) commented:
Hi guys,
Thanks for the info.
Would appreciate if the admin can give yuzh's answer as "accepted answer" as well.
shawnk (Author) commented:
Hi wesly,
Oops, the patch link you gave me above is for Solaris 8 but I'm using Solaris 9.

Would appreciate if you have the specific patch instead of the cluster patch... wouldn't want to risk having new problems if you know what I mean...

I looked through the Sol 9 report but there isn't any nscd patch included in there. Maybe I'm just looking at the wrong keyword.

There is no patch directly for nscd on Solaris 9. However, there is one which might be related.

You can make a request to ask to split the points.

shawnk (Author) commented:
I guess I will start resolving this issue by making the setting in /etc/system like what Yuzh has suggested and see how it goes.

The server is actually a mail server. Not sure why the nscd daemon (in my case its purpose is probably caching hosts lookups?) is causing this buffer overflow warning message.

Anyway thanks guys.