Yes, and if you were running Debian with http://security.debian.org/
properly configured in /etc/apt/sources.list, your vulnerable binaries
would ahve been upgraded the next time you ran the package manager.
See, especially: http://www.debian.org/security/1999/19991116
-- Mike
On Sat, 22 Apr 2000, Derek Martin wrote:
> I've posted numerous messages about this on GNHLUG, but not here on BLU,
> so I figured I'd offer a brief summary. This past Friday, my RH6.1 machine
> was compromised. /bin/login was replaced with a version that allowed
> anyone to log in as root with no password, and telnet (which I normally
> don't allow at all) was re-enabled.
>
> This was apparently achieved by exploiting a bug in BIND 8.2, about which
> CERT has released an advisory:
>
> http://www.cert.org/advisories/CA-99-14-bind.html
> * * *
> I'm going to start running an IDS and log to a different machine, and I'd
> recommend that if you have a Linux box connected to the internet that you
> do the same. But above all, go get your BIND up to date.
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
