[2065] in linux-security and linux-alert archive
[linux-security] Re: Named Overlow Concern
daemon@ATHENA.MIT.EDU (Trevor Johnson)
Mon Aug 31 10:05:37 1998
Date: Sat, 29 Aug 1998 17:30:06 -0400 (EDT)
From: Trevor Johnson <trevor@jpj.net>
To: George Brown <jawjb@bullnet.co.uk>
cc: linux-security@redhat.com
In-Reply-To: <Pine.LNX.3.95.980821114639.5899B-100000@bull.bullnet.co.uk>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

> I am running Linux 2.0.30 (Redhat 4.2) and have recently been hacked.
>
> I have tightened up security but still feel vulnerable.

This is kind of obvious, but there have been several security problems
found and fixed in the kernel itself since 2.0.30, notably the SIGIO, IP
fragmentation, teardrop, and Pentium f0 0f problems.

> In running the program mscan which was kindly left on my system I get this.
>
> bullnet.co.uk: VULN: linux box vulnerable to named overflow.
> 194.242.135.145: VULN: redhat linux box running imapd.
>
> This is after upgrading to the versions as below.
> bind-4_9_7-0
> imap-4.1.final-0
>
> Should I be concerned?

No. The source for mscan is available on www.rootshell.com. I took a
quick look at it. It seems to just try connecting to an IMAP or DNS
server, and says the server is vulnerable if it succeeds. According to
http://www.ciac.org/ciac/bulletins/i-044a.shtml, BIND 4.9.7 doesn't have
the buffer overflow for inverse queries. The release notes for imap
4.3-BETA on ftp.cac.washington.edu:/mail/ don't mention any
security-related changes since version 4.1.

This is somewhat obvious too, and doesn't seem to apply here, but a
distribution's foo-1.0-9 is foo 1.0 with the distributor's ninth revision
of its own changes, which may have some fixes that are otherwise available
only in foo 1.1 (or in another distribution with its own changes, of
course). If you see an old notice that foo 1.0 has a bug, it may not
apply to your foo.

[mod: Red Hat had a fixed bind-4.9.6 out for a while. To prevent this
confusion they now use the bind-4.9.7 based distribution. -- REW]

__
Trevor Johnson
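
Added example, not part of the original message: a sketch of the point about distributor revisions, showing how a check based only on the upstream version flags the message's hypothetical foo-1.0-9 while a check against the distributor's first fixed build does not. The advisory table, the upstream fixed version 1.1 and the function names are assumptions made for illustration; the comparison is a simplified form of RPM version ordering that ignores epochs.

```python
import re

def split_nvr(nvr):
    """Split 'name-version-release' from the right; names may contain '-'."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def rpm_cmp(a, b):
    """Simplified RPM-style ordering: compare runs of digits or letters."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # 10 sorts after 9, not before
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def upstream_only_check(nvr, upstream_fixed):
    """Reading an old notice literally: below the upstream fix means vulnerable."""
    _, version, _ = split_nvr(nvr)
    return rpm_cmp(version, upstream_fixed) < 0

def package_aware_check(nvr, distro_fixed):
    """Compare (version, release) with the distributor's first fixed build."""
    name, version, release = split_nvr(nvr)
    fixed = distro_fixed.get(name)
    if fixed is None:
        return None                          # no distributor data: unknown
    fixed_version, fixed_release = fixed
    order = rpm_cmp(version, fixed_version)
    if order == 0:
        order = rpm_cmp(release, fixed_release)
    return order < 0

# Constructed advisory data: the distributor backported the fix in foo-1.0-9.
DISTRO_FIXED = {"foo": ("1.0", "9")}

if __name__ == "__main__":
    for pkg in ("foo-1.0-8", "foo-1.0-9", "foo-1.0-10", "bar-2.0-1"):
        print(pkg,
              "upstream-only:", upstream_only_check(pkg, "1.1"),
              "package-aware:", package_aware_check(pkg, DISTRO_FIXED))
```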