[1744] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Re: Apparent SNMP remote-root vulnerability.

daemon@ATHENA.MIT.EDU (Jon Lewis)
Tue May 12 04:25:35 1998

Date: Tue, 12 May 1998 01:18:38 -0400 (EDT)
From: Jon Lewis <jlewis@inorganic5.fdt.net>
In-reply-to: <Pine.LNX.3.96.980510162007.508C-100000@dreish>
To: Dan Reish <dreish@izzy.net>
Cc: linux-security@redhat.com
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

On Sun, 10 May 1998, Dan Reish wrote:

> through another round of weeding out unused daemons).  Whoever did this
> has a fairly large library of vulnerabilities, since he was hopping from
> one system (not all running Linux) to the next, getting root and moving on
> quickly.  So ... here are the daemons and services I had running at the
> time:
> 
> named (from bind-4.9.6-7)

This has known buffer overruns...unless 4.9.6-7 is a hand fixed job by the
RedHat people.  ISC released an emergency 4.x (4.9.7, I think) version and
suggested everyone should really upgrade to 8.1.2T3b.

Assuming the intruder's not reading this list, and you really want to know
how he got in, you could do a reinstall or tape restore, and setup a
sniffer to watch him break back in.
 
------------------------------------------------------------------
 Jon Lewis <jlewis@fdt.net>  |  http://noagent.com/?jl1 for cheap 
 Network Administrator       |  life insurance over the net.
 Florida Digital Turnpike    |  
______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post