From: Alfred HugerTo: INCIDENTS@SECURITYFOCUS.COM Subject: Cark & snmpXdmid Date: Wed, 18 Apr 2001 08:04:10 -0600 Heya folks, As was noted earlier the Cark DDoS agent is spreading via snmpXdmid: Solaris snmpXdmid Buffer Overflow Vulnerability http://www.securityfocus.com/bid/2417 So obviously, there is an exploit in the wild for the this and it's getting a fair bit of play - does anyone have a packet capture if this in action or perhaps an actual exploit? Cheers, -al VP Engineering SecurityFocus.com "Vae Victis"