[1826] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Named update for RH 4.2 exploitable?

daemon@ATHENA.MIT.EDU (James Rem)
Sat Jun 6 19:35:19 1998

Date: Sat, 06 Jun 1998 18:38:13 -0300
To: linux-security@redhat.com
From: James Rem <jamesrem@techlink-ltd.com>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

I don't know if the new rpm's fix all the problems but I would 
ask your friend several questions (forgive me if these are obvious) 

1) did your friend reload RH from the CD?
2) did they apply all the new rpms?
3) are they sure that there are no security flaws in their cgi-bin
directories?
4) What makes them believe they are being hacked by the named problem?

When I was hacked the first time the person had the nerve/insight while
someone was talking to him over IRC to change /bin/login 
to accept a static password for root.  Once you have been hacked
there is very few alternatives to most Linux mortals than to reloading the
os if you would like to avoid future hacks.

At 01:27 AM 6/6/98 -0700, you wrote:
>Someone I was speaking with this evening claimed they have installed the
>latest named rpms yet they are still getting exploited daily and being
>hacked.  Do the latest rpm's for the named 4.9.x stuff fix all the root
>exploits or is this person just an idiot who probably has holes elsewhere in
>the system?
>
>-- 
>----------------------------------------------------------------------
>Please refer to the information about this list as well as general
>information about Linux security at http://www.aoy.com/Linux/Security.
>----------------------------------------------------------------------
>
>To unsubscribe:
>  mail -s unsubscribe linux-security-request@redhat.com < /dev/null
>

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post