[ale] Lion worm and Linux

Jonathan Rickman infosec at alltel.net
Tue Mar 27 11:01:58 EST 2001


On Tue, 27 Mar 2001, Armsby John-G16665 wrote:

> My group has an Apache server running on Unix.  Our IT organization did
> not know if it was a Linux server or what and sent this note to me.  As
> it turns out my server is probably not affected (HP).  Is this data old
> news? I thought I would throw it out...  I have read that "older"
> versions of BIND had problems but don't recall which latest version is
> "safe".....

In short, it is my opinion that no version of BIND is safe unless run in
a chroot environment.

My opinions aside, here are the facts...

"ISC has discovered or has been notified of several bugs which can
result in vulnerabilities of varying levels of severity in
BIND as distributed by ISC. Upgrading to BIND version 9.1 is
strongly recommended. If that is not possible for your site,
upgrading at least to BIND version 8.2.3 is imperative."

and the bug itself:

"Name: "tsig bug"
Versions affected: 8.2, 8.2-P1, 8.2.1, 8.2.2-P1, 8.2.2-P2, 8.2.2-P3,
8.2.2-P4, 8.2.2-P5, 8.2.2-P6, 8.2.2-P7, and all 8.2.3-betas
Severity: CRITICAL
Exploitable: Remotely
Type: Access possible.
Description: It is possible to overflow a buffer handling TSIG signed
queries, thereby obtaining access to the system.
Workarounds: None. (Note: I love BIND :( )
Active Exploits: Exploits for this bug exist."


-- 
Jonathan Rickman
X Corps Security
http://www.xcorps.net


