
Re: [Sheflug] FYI : Worm notification



* Richard Lowe (richlowe [at] btinternet.com) wrote:
> * Barrie Bremner (baz [at] barriebremner.com) wrote:
> > Richard writes:
> >  > Dear All
> >  > 
> >  > Robin Cannings at Arm.com has sent this to me from Cambridge.  He
> >  > explains that he is not allowed to write directly to this list and so
> >  > he's asked me to forward his e-mail to you.
> >  > 
> >  > The subject of his mail is something that I found out about on the
> >  > Sydney list last week.  A number of SLUG users have had their Debian,
> >  > Red Hat and SuSE systems compromised by the Lion worm.....
> >  > 
> >  > 
> >  > Robin.Cannings [at] arm.com wrote:
> >  > 
> >  > > -----BEGIN PGP SIGNED MESSAGE-----
> >  > > Hash: SHA1
> >  > > 
> >  > > ALERT!  A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET
> > 
> >  > > DESCRIPTION
> >  > > 
> >  > > The Lion worm is similar to the Ramen worm. However, this worm is
> >  > > significantly more dangerous and should be taken very seriously.  It
> >  > > infects Linux machines running the BIND DNS server.  It is known to
> >  > > infect bind version(s) 8.2, 8.2-P1, 8.2.1, 8.2.2-Px, and all
> >  > > 8.2.3-betas. The specific vulnerability used by the worm to exploit
> >  > > machines is the TSIG vulnerability that was reported on January 29,
> >  > > 2001.
> >  
> > Yet another reason to use djbdns - http://cr.yp.to/
> > 
> 
> Or just have a sensible firewall, and don't let totally random people hit
> your DNS server. 
> or even better. 
> both.
> 
> Before the ramen worm, etc. it was always said the only way a worm /
> virus would spread on UNIX systems, is poor system administration.
> these two worms haven't altered that theory. they've more or less proved
> it.
> 
> the Ramen worm spread after the bugs in the various pieces of software
> had been known, and fixed for months.
> 
> and although the BIND vulnerability hasn't been known for as long.
> BIND seems to me a major source of problems in itself.
> and most people would recommend running it chroot'ed. 
> (I believe OpenBSD does by default, but I'm not sure).
> 
> I'm sure my box isn't as secure as it good be.

s/good/could/ if you were wondering :-)
ispell is only useful when you don't press the number for the wrong
alternative :) 

*hangs head in shame* :-)

> but I'm generally very quick at applying patches to fix problems such as
> this.
> 
> of course, there's probably something I've missed. and we all make
> mistakes. and I'm probably just grumpy anyway :-)
> 

-- 
|*-------------------=[ Richard Lowe ]=------------------*|
| richlowe [at] btinternet.com                   UIN: 74724348 |           
|*-------------------------------------------------------*|
| Europe has the Kilogram and the Meter.                  |
| America has the Pound and the Inch.                     |
| Childrens TV has the Elephant and the Double Decker Bus |
|*-------------------------------------------------------*|
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk