GEN:SID 1:1905
Message RPC AMD UDP amqproc_mount plog overflow attempt
Summary This event is generated when an attempt is made to exploit a buffer overflow associated with the Remote Procedure Call (RPC) amd program.
Impact Remote root access.  This attack can permit execution of arbitrary commands with the privileges of the user running amd, typically root.
Detailed Information The amd RPC service implements the automounter daemon on UNIX hosts.  Amd automatically mounts and unmounts requested file systems.  There is a buffer overflow associated with amd logging that can allow the execution of arbitrary commands with the privileges of the user running amd, typically root.
Affected Systems BSDI BSD/OS 3.1, 4.0.1
FreeBSD 3.0, 3.1, 3.2
RedHat Linux 4.2, 5.0, 5.1, 5.2, 6.0
Attack Scenarios An attacker can query the portmapper to discover the port where amd runs and then attack the amd port.  Alternatively, an attacker may attempt to execute the exploit code on any listening port in the RPC range if the portmapper is blocked.
Ease of Attack Simple.  Exploit code is freely available.
Corrective Action Limit remote access to RPC services.

Filter RPC ports at the firewall to ensure access is denied to RPC-enabled machines.

Disable unneeded RPC services.
Additional References Bugtraq
http://www.securityfocus.com/bid/614

CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0704

Rule References bugtraq: 614
cve: 1999-0704