[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [linux-security] Re: Apparent SNMP remote-root vulnerability.

From: Jon Lewis <jlewis inorganic5 fdt net>
To: Dan Reish <dreish izzy net>
Cc: linux-security redhat com
Subject: Re: [linux-security] Re: Apparent SNMP remote-root vulnerability.
Date: Tue, 12 May 1998 01:18:38 -0400 (EDT)

On Sun, 10 May 1998, Dan Reish wrote:

> through another round of weeding out unused daemons).  Whoever did this
> has a fairly large library of vulnerabilities, since he was hopping from
> one system (not all running Linux) to the next, getting root and moving on
> quickly.  So ... here are the daemons and services I had running at the
> time:
> 
> named (from bind-4.9.6-7)

This has known buffer overruns...unless 4.9.6-7 is a hand fixed job by the
RedHat people.  ISC released an emergency 4.x (4.9.7, I think) version and
suggested everyone should really upgrade to 8.1.2T3b.

Assuming the intruder's not reading this list, and you really want to know
how he got in, you could do a reinstall or tape restore, and setup a
sniffer to watch him break back in.

------------------------------------------------------------------
 Jon Lewis <jlewis fdt net>  |  http://noagent.com/?jl1 for cheap 
 Network Administrator       |  life insurance over the net.
 Florida Digital Turnpike    |  
______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____

Follow-Ups:
- Re: [linux-security] Re: Re: Apparent SNMP remote-root vulnerability.
  - From: Bryan C. Andregg

References:
- Re: [linux-security] Apparent SNMP remote-root vulnerability.
  - From: Dan Reish

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]