Those daemons have been exploitable for a lot longer than a year, but
they're no reason to use another O/S over Linux. If they hadn't fixed the
setid bug in pre 2.2.16 kernels, you'd have a good reason however ;)
Just turn those services off, and replace the ones you _need_ with better
ones. Most Linux distros (and some other *nixes) install default services
that rate them right up there with Win32 for ease of gaining unauthorized
entry, or at least allowing easy denial of service.
Adding chains is very easy, and it's even easier to copy your rules from server
to server.
> I would suggest anyone that wish to run Cold Fusion on a linux box should
> take a good look at security before they do so. I used to be able to fool
> around with Cold Fusion in my spare time about a year ago, until the bind,
> wu-ftpd, and rpc.statd exploits hit. I have cleaned probably over 100
> servers since then. I love running Cold Fusion on RedHat, I prefer it to
> NT. However you wouldn't see me putting any production box online without
> heavily filtering everything with ipchains. I have been so frustrated with
> RedHat I decided to take a swing at FreeBSD and OpenBSD, and that looks like
> where I will be staying ;)
>
> Rob Burtelow
> Senior SMC Staff/Network Security Specialist
> [EMAIL PROTECTED]
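The two points above (turn the default daemons off, then filter everything else with ipchains, and carry the same rules to the next server) as an added example; this script is not from the original post or either poster. It assumes the 2.2-era ipchains tool at /sbin/ipchains, that the box only needs to expose HTTP (80) and SSH (22) on eth0, and a hypothetical DRY_RUN switch that prints the commands instead of running them.

```shell
#!/bin/sh
# Added example: minimal default-deny ipchains input policy for a ColdFusion
# web server, plus the save/restore step for copying it to another host.
# Assumptions: ipchains (2.2 kernels), only 80/tcp and 22/tcp must be reachable.

IPCHAINS="${IPCHAINS:-/sbin/ipchains}"

# run_rule: execute one ipchains command, or print it when DRY_RUN=1
run_rule() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    echo "$IPCHAINS $*"
  else
    "$IPCHAINS" "$@"
  fi
}

# build_rules: deny by default, then allow only what the server must offer.
# The ports behind the exploits named in the thread (53 bind, 21 wu-ftpd,
# 111 portmap/rpc.statd) are never opened; switching those daemons off is the
# first fix, the filter is the second layer in case one gets re-enabled.
build_rules() {
  run_rule -F input                                   # flush old input rules
  run_rule -P input DENY                              # default: drop everything
  run_rule -A input -i lo -j ACCEPT                   # loopback
  run_rule -A input -p tcp -d 0.0.0.0/0 80 -j ACCEPT  # web (httpd + ColdFusion)
  run_rule -A input -p tcp -d 0.0.0.0/0 22 -j ACCEPT  # remote administration
  run_rule -A input -p tcp ! -y -j ACCEPT             # replies to our own outbound TCP
  run_rule -A input -l -j DENY                        # log the rest to syslog, then drop
}

# copy_rules: "copy your rules from server to server" -- ipchains-save dumps
# the live rule set to a file that ipchains-restore reads on the next host.
copy_rules() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    echo "ipchains-save > rules.ipchains  # then: ipchains-restore < rules.ipchains"
  else
    ipchains-save > rules.ipchains
  fi
}

# Usage: sh harden.sh preview   (prints the rules)
#        sh harden.sh apply     (as root: installs them and saves rules.ipchains)
case "$1" in
  preview) DRY_RUN=1; build_rules; copy_rules ;;
  apply)   build_rules; copy_rules ;;
esac
```

Rules added with -A are evaluated in order, so the logging DENY must stay last; move the file rules.ipchains to the next box and feed it to ipchains-restore to reproduce the same policy there.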
Archives: http://www.mail-archive.com/cf-linux%40houseoffusion.com/