Compromised RH6.1 system
Mike Bilow
mikebw at colossus.bilow.com
Fri Apr 28 10:21:54 EDT 2000
Yes, and if you were running Debian with http://security.debian.org/
properly configured in /etc/apt/sources.list, your vulnerable binaries
would ahve been upgraded the next time you ran the package manager.
See, especially: http://www.debian.org/security/1999/19991116
-- Mike
On Sat, 22 Apr 2000, Derek Martin wrote:
> I've posted numerous messages about this on GNHLUG, but not here on BLU,
> so I figured I'd offer a brief summary. This past Friday, my RH6.1 machine
> was compromised. /bin/login was replaced with a version that allowed
> anyone to log in as root with no password, and telnet (which I normally
> don't allow at all) was re-enabled.
>
> This was apparently achieved by exploiting a bug in BIND 8.2, about which
> CERT has released an advisory:
>
> http://www.cert.org/advisories/CA-99-14-bind.html
> * * *
> I'm going to start running an IDS and log to a different machine, and I'd
> recommend that if you have a Linux box connected to the internet that you
> do the same. But above all, go get your BIND up to date.
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).
More information about the Discuss
mailing list