[1834] in linux-security and linux-alert archive


[linux-security] Re: Named update for RH 4.2 exploitable?

daemon@ATHENA.MIT.EDU (Bryan C. Andregg)
Sun Jun 7 11:02:59 1998

To: linux-security@redhat.com
From: bryan@redhat.com (Bryan C. Andregg)
Date: 7 Jun 1998 14:35:37 GMT
Reply-To: bryan@redhat.com
Resent-From: linux-security@redhat.com

On Sat, 6 Jun 1998 01:27:51 -0700, <jiva@devware.com> wrote:
> Someone I was speaking with this evening claimed they have installed the
> latest named rpms yet they are still getting exploited daily and being
> hacked.  Do the latest rpm's for the named 4.9.x stuff fix all the root
> exploits or is this person just an idiot who probably has holes elsewhere in
> the system?

This person is a twit. I have personally tested all of the updates on several
different versions of Red Hat and none of them are still exploitable.

It is true that fake-iquery is still defined, but this in and of itself is not
a problem.

Make sure that this person has restarted named once they applied the updates.

Note: if they didn't do this and were hacked then there is no telling what
else is now vulnerable on the system.


[mod: The official Red Hat fixes are called "4.9.6-..." because the
same fix that went into the official 4.9.7 was applied by Red Hat onto
the then-current 4.9.6. Bryan, Eric, you're scaring people by having
them run a 4.9.6 named, while it is known to be vulnerable.... -- REW]

-- 

                Bryan C. Andregg * <bandregg@redhat.com> * Red Hat Software

"So hang the brand-name ego at the door and think about what I'm saying" -
	Peter Da Silva
