[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

BIND compromise




Watch out if you're running BIND 4.9.5, 4.9.6 or 8.1.x.  There's a nifty
little buffer overflow program on www.rootshell.com that allows users to
get a root shell.  I had a system compromised in this way.  You're
probably vulnerable if you're running redhat 5.0 or 5.1 with the shipped
nameserver.  4.9.3 is not vulnerable, but, the program does kill the
nameserver off.  So, I guess it's a DoS in that respect.  Just thought I'd
heads-up ya guys.

Koree

---------------------------------------------
Koree A. Smith  | Co-Administrator, Ameth.org
koree@Ameth.org | http://www.ameth.org/~koree       
NT != *IX       | I Corinthians 2:1-5
---------------------------------------------


--
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.