[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sheflug] FYI : Worm notification
* Richard Lowe (richlowe [at] btinternet.com) wrote:
> * Barrie Bremner (baz [at] barriebremner.com) wrote:
> > Richard writes:
> > > Dear All
> > >
> > > Robin Cannings at Arm.com has sent this to me from Cambridge. He
> > > explains that he is not allowed to write directly to this list and so
> > > he's asked me to forward his e-mail to you.
> > >
> > > The subject of his mail is something that I found out about on the
> > > Sydney list last week. A number of SLUG users have had their Debian,
> > > Red Hat and SuSE systems compromised by the Lion worm.....
> > >
> > >
> > > Robin.Cannings [at] arm.com wrote:
> > >
> > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > Hash: SHA1
> > > >
> > > > ALERT! A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET
> >
> > > > DESCRIPTION
> > > >
> > > > The Lion worm is similar to the Ramen worm. However, this worm is
> > > > significantly more dangerous and should be taken very seriously. It
> > > > infects Linux machines running the BIND DNS server. It is known to
> > > > infect bind version(s) 8.2, 8.2-P1, 8.2.1, 8.2.2-Px, and all
> > > > 8.2.3-betas. The specific vulnerability used by the worm to exploit
> > > > machines is the TSIG vulnerability that was reported on January 29,
> > > > 2001.
> >
> > Yet other reason to use djbdns - http://cr.yp.to/
> >
>
> Or just have a sensible firewall, and dont let totally random people hit
> your DNS server.
> or even better.
> both.
>
> Before the ramen worm, etc. it was always said the only way a worm /
> virus would spread on UNIX systems, is poor system administration.
> these two worms havent altered that theory. they've more or less proved
> it.
>
> the Ramen worm spread after the bugs in the various pieces of software
> had been known, and fixed for months.
>
> and although the BIND vulnerability hasnt been known for as long.
> BIND seems to me a major source of problems in its self.
> and most people would recommend running it chroot'ed.
> (I believe OpenBSD does by default, but I'm not sure).
>
> I'm sure my box isnt as secure as it good be.
s/good/could/ if you were wondering :-)
ispell is only useful when dont press the number for the wrong
alternative :)
*hangs head in shame* :-)
> but I'm generally very quick at applying patches to fix problems such as
> this.
>
> of course, theres probably something I've missed. and we all make
> mistakes. and I'm probably just grumpy anyway :-)
>
--
|*-------------------=[ Richard Lowe ]=------------------*|
| richlowe [at] btinternet.com UIN: 74724348 |
|*-------------------------------------------------------*|
| Europe has the Kilogram and the Meter. |
| America has the Pound and the Inch. |
| Childrens TV has the Elephant and the Double Decker Bus |
|*-------------------------------------------------------*|
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word
"unsubscribe" in the body of the message.
GNU the choice of a complete generation.