Security: Linux/BIND worm on the loose

Paul_Melson@keykertusa.com
Fri, 23 Mar 2001 16:26:18 -0500


>fscking pathetic....another exploit for a 3-month-old known issue.....
>
>Edward Glowacki extolled:
>> Information is available at http://www.sans.org/y2k/lion.htm.
>> Somehow my email copy of this advisory deleted itself (not sure
>> how that happened, went to forward it to the list, aborted for a
>> second to look at something else, came back and it was gone...),
>> so I'll quickly summarize for you:
>>
>> The worm infects Linux boxen running BIND.
>> It sends your password files away.
>> It turns off syslog.
>> It starts some servers to provide back doors into your system.
>> It installs a rootkit that replaces many binaries on your system.
>>
>> Follow the link above for the complete story.  If you're running
>> a name server on any of your Linux boxes, it's time to make sure
>> BIND is up to date and that you haven't already been infected.

     What's truly pathetic is that it's spreading through
     as-of-yet unsecured systems.  If people patched their
     systems routinely this wouldn't be a problem.

PaulM