Re: [linux-security] Bind Overrun Bug and Linux



Peter Kelly wrote:

> [mod: Just to show you that people DO get bitten after a bug warning has
> gone out on linux-security..... -- REW]
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Content-Type: text/plain; charset=us-ascii
>
> Has anyone been hit with the Bind Inverse Query Buffer Overrun on
> their Linux servers?  We have had 3 servers attacked using this
> exploit and all of the machines had several binaries replaced with
> trojan programs.  Below is the cert advisory for the exploit; but
> if anyone needs details under Linux of what happens and how to fix/
> protect your servers, mail me.

I was bitten, looks like the same one too. It was a non-critical machine
that was hit, running unfixed BINDs for playing with.

It seems that the perpetrator used ncftp to get a file called "hide" from various
systems which no longer seem to have this. This file contained an archive of
the trojans that were inserted into the compromised system - does anybody know
what is in these trojans?

--
Leigh


