
RE: [cobalt-security] Bindworm (LION)



> have cobalt put a patch out yet?
> or will we have to wait until we have been hacked (AGAIN)?

This is not a new security issue. It exploits the same BIND problem that
came out weeks ago.

//begin
Lion is a new worm, that is very similar to the Ramen worm. However, this
worm is much more dangerous and should be taken seriously. It infects Linux
machines with the BIND DNS server running. It is known to infect BIND
version(s) 8.2, 8.2-P1, 8.2.1, 8.2.2-Px. BIND 8.2.3-REL has been reported as
not being vulnerable. The BIND vulnerability is the TSIG vulnerability that
was reported back on January 29, 2001.
//end

If you have updated your RaQs, you are running 8.2.3.

The "new" feature of this program is that it is far nastier than other
hacking kits for the same exploit because it self-propagates.


alex