[1744] in linux-security and linux-alert archive
[linux-security] Re: Re: Apparent SNMP remote-root vulnerability.
daemon@ATHENA.MIT.EDU (Jon Lewis)
Tue May 12 04:25:35 1998
Date: Tue, 12 May 1998 01:18:38 -0400 (EDT)
From: Jon Lewis <jlewis@inorganic5.fdt.net>
In-reply-to: <Pine.LNX.3.96.980510162007.508C-100000@dreish>
To: Dan Reish <dreish@izzy.net>
Cc: linux-security@redhat.com
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
On Sun, 10 May 1998, Dan Reish wrote:
> through another round of weeding out unused daemons). Whoever did this
> has a fairly large library of vulnerabilities, since he was hopping from
> one system (not all running Linux) to the next, getting root and moving on
> quickly. So ... here are the daemons and services I had running at the
> time:
>
> named (from bind-4.9.6-7)
This has known buffer overruns...unless 4.9.6-7 is a hand fixed job by the
RedHat people. ISC released an emergency 4.x (4.9.7, I think) version and
suggested everyone should really upgrade to 8.1.2T3b.
Assuming the intruder's not reading this list, and you really want to know
how he got in, you could do a reinstall or tape restore, and setup a
sniffer to watch him break back in.
------------------------------------------------------------------
Jon Lewis <jlewis@fdt.net> | http://noagent.com/?jl1 for cheap
Network Administrator | life insurance over the net.
Florida Digital Turnpike |
______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null