[23] in Security FYI
new security hole found in named program
daemon@ATHENA.MIT.EDU (mhpower@MIT.EDU)
Fri Nov 12 14:45:17 1999
From: mhpower@MIT.EDU
Date: Fri, 12 Nov 1999 14:45:08 -0500
Message-Id: <199911121945.OAA02533@the-oz.mit.edu>
To: security-fyi@MIT.EDU
Reply-To: net-security@MIT.EDU
A security problem has recently been found in the Unix named (DNS
name daemon) -- the problem can allow intruders to break in to your
computer remotely, gaining root access immediately in most cases.
A program apparently designed to exploit this security problem was
publicly released today, and can be found at
http://www.mit.edu:8008/menelaus/bt/12549
Although any type of Unix system is potentially vulnerable to this
security problem, depending on the specific named version installed,
the systems most likely to be vulnerable are Red Hat Linux versions
6.0 and 6.1. These are the two most popular operating systems used at
MIT that include the problematic named software version (BIND 8.2).
A software update is needed if your Unix system currently has a named
process (sometimes also called in.named) running, or if your system
is configured to start a named process at boot time.
If you are running named on a Red Hat Linux 6.0 or 6.1 system, you
should update named now in order to avoid remote root compromise. For
more information, see
http://web.mit.edu/net-security/dist/redhat/redhat.txt
A local copy at MIT of the needed software updates can be found via:
http://web.mit.edu/net-security/dist/redhat/
Additional information (also applicable to non-Linux systems) is at:
http://www.isc.org/products/BIND/bind-security-19991108.html
Matt Power
Network Security team, MIT Information Systems