[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sheflug] FYI : Worm notification
* Barrie Bremner (baz [at] barriebremner.com) wrote:
> Richard writes:
> > Dear All
> >
> > Robin Cannings at Arm.com has sent this to me from Cambridge. He
> > explains that he is not allowed to write directly to this list and so
> > he's asked me to forward his e-mail to you.
> >
> > The subject of his mail is something that I found out about on the
> > Sydney list last week. A number of SLUG users have had their Debian,
> > Red Hat and SuSE systems compromised by the Lion worm.....
> >
> >
> > Robin.Cannings [at] arm.com wrote:
> >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > ALERT! A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET
>
> > > DESCRIPTION
> > >
> > > The Lion worm is similar to the Ramen worm. However, this worm is
> > > significantly more dangerous and should be taken very seriously. It
> > > infects Linux machines running the BIND DNS server. It is known to
> > > infect bind version(s) 8.2, 8.2-P1, 8.2.1, 8.2.2-Px, and all
> > > 8.2.3-betas. The specific vulnerability used by the worm to exploit
> > > machines is the TSIG vulnerability that was reported on January 29,
> > > 2001.
>
> Yet other reason to use djbdns - http://cr.yp.to/
>
Or just have a sensible firewall, and dont let totally random people hit
your DNS server.
or even better.
both.
Before the ramen worm, etc. it was always said the only way a worm /
virus would spread on UNIX systems, is poor system administration.
these two worms havent altered that theory. they've more or less proved
it.
the Ramen worm spread after the bugs in the various pieces of software
had been known, and fixed for months.
and although the BIND vulnerability hasnt been known for as long.
BIND seems to me a major source of problems in its self.
and most people would recommend running it chroot'ed.
(I believe OpenBSD does by default, but I'm not sure).
I'm sure my box isnt as secure as it good be.
but I'm generally very quick at applying patches to fix problems such as
this.
of course, theres probably something I've missed. and we all make
mistakes. and I'm probably just grumpy anyway :-)
--
|*-------------------=[ Richard Lowe ]=------------------*|
| richlowe [at] btinternet.com UIN: 74724348 |
|*-------------------------------------------------------*|
| Europe has the Kilogram and the Meter. |
| America has the Pound and the Inch. |
| Childrens TV has the Elephant and the Double Decker Bus |
|*-------------------------------------------------------*|
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word
"unsubscribe" in the body of the message.
GNU the choice of a complete generation.