http://www.cnn.com/2001/TECH/internet/03/23/linux.worm.idg/index.html

--
Christopher W. Aiken
Scenery Hill, Pa, USA
chris at cwaiken dot com
www.cwaiken.com
SuSE 7.1 Professional Linux
On Monday 26 March 2001 10:39, Christopher W. Aiken wrote:
> http://www.cnn.com/2001/TECH/internet/03/23/linux.worm.idg/index.html

If you're running a bind earlier than 8.2.3 (final, not beta) then upgrade. I've seen six systems compromised over the past few weeks, despite our proactive bind upgrading. It's funny how Red Hat doesn't support 6.1 anymore, I had to make my own RPM. Having hundreds of servers installed all over the world, some of them inaccessible (moving demos) is a pain...

For any servers that are compromised: reinstall from scratch. I'm serious. There is no other way to guarantee that a system is clean. We're recreating hard drives here and sending them out.

SuSE 7.1 already has 8.2.1, and is *not* vulnerable. I'm really happy with SuSE's security efforts. I'm not sure about earlier versions, but the RPMs are already available.

--
James Oakley
Engineering - SolutionInc Ltd.
joakley@solutioninc.com
http://www.solutioninc.com
On Mon, Mar 26, 2001 at 10:58:04AM -0400, joakley@solutioninc.com wrote:
> If you're running a bind earlier than 8.2.3 (final, not beta) then upgrade. I've seen six systems compromised over the past few weeks, despite our proactive bind upgrading. It's funny how Red Hat doesn't support 6.1 anymore, I had to make my own RPM. Having hundreds of servers installed all over the world, some of them inaccessible (moving demos) is a pain...
>
> For any servers that are compromised: reinstall from scratch. I'm serious. There is no other way to guarantee that a system is clean. We're recreating hard drives here and sending them out.
>
> SuSE 7.1 already has 8.2.1, and is *not* vulnerable. I'm really happy with SuSE's security efforts. I'm not sure about earlier versions, but the RPMs are already available.
Erm, isn't 8.2.1 earlier than 8.2.3, and therefore at risk?

Can I assume that as:

 o My network connects to the net via a firewall
 o The only incoming connections that are allowed through the firewall are SSH and SMTP
 o All other ports are denied by the firewall

that my otherwise vulnerable Bind server is not at risk? It's not running on the firewall box.

I know I should probably upgrade anyway, but I'm intending to go to 7.1 or 7.2 soon, so I can't really be bothered - it's only my own personal network at home, so security isn't as important to me as it would be if it were a company network.

--
David Smith            Tel: +44 (0)1454 462380 (direct)
STMicroelectronics     Fax: +44 (0)1454 617910
1000 Aztec West        TINA (ST only): (065) 2380
Almondsbury            Home: 01454 616963
BRISTOL                Mobile: 07932 642724
BS32 4SQ               Work Email: Dave.Smith@st.com
                       Home Email: David.Smith@ds-electronics.co.uk
On Mon, Mar 26, 2001 at 04:20:38PM +0100, Dave Smith wrote:
> Erm, isn't 8.2.1 earlier than 8.2.3, and therefore at risk?
>
> Can I assume that as:
>
>  o My network connects to the net via a firewall
>  o The only incoming connections that are allowed through the firewall are SSH and SMTP
>  o All other ports are denied by the firewall
>
> that my otherwise vulnerable Bind server is not at risk? It's not running on the firewall box.
>
> I know I should probably upgrade anyway, but I'm intending to go to 7.1 or 7.2 soon, so I can't really be bothered - it's only my own personal network at home, so security isn't as important to me as it would be if it were a company network.
It should be important to you. This worm spreads by using compromised hosts to scan for vulnerable machines. I believe that SuSE has upgraded RPMs available. You never know what unknown vulnerabilities are out there. Therefore you should close all of the ones that you do know of.

- v

--
Victor R. Cardona
vcardona@home.com
"Behold the keyboard of Kahless, the greatest Klingon code warrior that ever lived!"
It's for a version of bind that SuSE has long since updated... update your version of BIND, and if you're not running BIND, then I wouldn't sweat it.

* Christopher W. Aiken (cwaiken@telerama.com) [010326 06:41]:
=>
=>http://www.cnn.com/2001/TECH/internet/03/23/linux.worm.idg/index.html
=>

--
Ben Rosenberg
mailto:ben@whack.org
-----
If two men agree on everything, you can be sure that only one of them is doing the thinking.
participants (5)
- Ben Rosenberg
- Christopher W. Aiken
- Dave Smith
- James Oakley
- Victor R. Cardona