On Sat, Jan 22, 2000 at 04:37:23PM -0500, [EMAIL PROTECTED] wrote:

> Hi linux-net !

> This might be off-topic but interesting for people running
> name servers.

> My friends report that they were cracked last week via the
> recent bug in bind-8.2.2.

        Yes...  There are a couple of known holes in 8.2.2.  You need to
be on 8.2.2pl5 or above at this point.  You don't say what distro they
were running, but RedHat, Slackware and the rest have had security
updates out for bind for quite some time.  RedHat 6.1 IS vulnerable if
you haven't applied the bind-8.2.2_P3-1 update (it says it's P3 but
it DOES have the correct patch applied).

        That patch has been out since Nov 11.  It's been out there two months.
You have to keep up on security patches!

> Symptoms:
> 1. Named suddenly dies,
> 2. Some binaries like
> ifconfig, dir, du, top, ls, netstat
> were changed,
> 3. New binary /usr/sbin/task was added.
> 4. Lines launching new services in /etc/inetd.conf
> etc

        Yup...  Got rooted and got a root kit installed.

> Just update and be careful...

>                                       Timur Bolokhov

        Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  [EMAIL PROTECTED]
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
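
The fourth symptom in the quoted report (new lines launching services in /etc/inetd.conf) can be checked by comparing the active entries against a known-good copy kept off the host. This is an added example, not part of the original thread; both sample files, the `newsvc` entry and the function names are constructed for illustration.

```python
# Added example: report inetd.conf service entries that differ from a baseline.
# Both samples below are constructed; on a real host, read the known-good copy
# from offline media and the current file from /etc/inetd.conf.
BASELINE = """\
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#finger stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
"""
CURRENT = """\
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
newsvc  stream  tcp  nowait  root    /usr/sbin/task  task
"""


def parse_inetd(text):
    """Return {(service, proto): (user, server, args)} for active entries."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out services are inactive
        fields = line.split()
        if len(fields) < 6:
            continue  # too short to be a service entry
        service, _socktype, proto, _wait, user, server = fields[:6]
        entries[(service, proto)] = (user, server, " ".join(fields[6:]))
    return entries


def diff_inetd(baseline_text, current_text):
    """List (kind, "service/proto", entry) differences in a stable order."""
    base, cur = parse_inetd(baseline_text), parse_inetd(current_text)
    findings = []
    for key in sorted(cur):
        if key not in base:
            findings.append(("added", "%s/%s" % key, cur[key]))
        elif cur[key] != base[key]:
            findings.append(("changed", "%s/%s" % key, cur[key]))
    for key in sorted(set(base) - set(cur)):
        findings.append(("removed", "%s/%s" % key, base[key]))
    return findings


if __name__ == "__main__":
    for kind, name, entry in diff_inetd(BASELINE, CURRENT):
        print(kind, name, *entry)
```

A service that was commented out in the baseline and is active now is reported as added, the same as a new line.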
