
Security problems in bind -- persisting?



At 11:21 pm -0500 on 11/11/99, you wrote:

Synopsis:		Security problems in bind
Advisory ID:		RHSA-1999:054-01
Issue date:		1999-11-11

Despite the release of bind-8.2.2_P3-1, it would appear that at least the RedHat binary rpm may still be vulnerable.


We run a RedHat 6.0/6.1 system and named (that's bind-8.2.2_P3-1) was down this morning. When I went to the named directory to check before restarting, I noticed a directory:

drwxr-xr-x 2 root root 1024 Jan 2 23:47 ADMROCKS/

had appeared and logcheck reported:

**Unmatched Entries**
Jan  2 23:47:59 bel bash[346]: Remote execution attempt from 194.102.200.1

I can't find any traces of activity in wtmp (but with a shell spawned from named, I'm not likely to, am I?) and tripwire isn't reporting anything untoward in the directories it is assigned to check.

Nevertheless, I am a bit spooked. Has anyone else seen this attack?
Cheers,

Graham Higgins
--------------
Bel EPA Bristol, UK.
http://bel-epa.com


