GEN:SID 1:2184
Message RPC mountd TCP mount path overflow at103
Summary This event is generated when an attempt is made to exploit a known vulnerability in the xlog function of certain Linux NFS Utils packages.

Specifically this event is generated when TCP is used as the attack medium.
Impact Denial of Service (DoS), possible arbitrary code execution.
Detailed Information The mountd Remote Procedure Call (RPC) implements the NFS mount protocol. A vulnerability exists in some versions of the Linux NFS Utilities package prior to 1.0.4 that can lead to the possible execution of arbitrary code or a DoS against the affected server.

A programming error in the xlog function may be exploited by an attacker by sending RPC requests to mountd that do not contain any newline characters. This causes a buffer to overflow thus presenting the attacker with the opportunity to execute code.
Affected Systems Systems using Linux NFS Utils prior to version 1.0.4.
Attack Scenarios An attacker may send a specially crafted RPC request or mount command to the NFS server that does not contain any newline characters.
Ease of Attack Moderate.
Corrective Action Limit remote access to RPC services.

Filter RPC ports at the firewall to ensure access is denied to RPC-enabled machines.

Disable unneeded RPC services.

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.
Additional References  
Rule References Error: Unknown reference type: BACKDOOR subseven 22
arachnids: 485
url: www.hackfix.org/subseven/