
Re: DNS: not working correctly



On Thu, Feb 15, 2001 at 01:43:44PM +0100, Sebastiaan wrote:
> I have version 8.2.2-P7 of bind. Is woody's bind up to date enough?

This version of bind is vulnerable to root compromise, you should add:

## security updates
deb http://security.debian.org/debian-security/ potato/updates main contrib
deb http://security.debian.org/debian-non-US/ potato/non-US main contrib
deb-src http://security.debian.org/debian-security/ potato/updates main contrib
deb-src http://security.debian.org/debian-non-US/ potato/non-US main contrib

to your /etc/apt/sources.list and run apt-get update && apt-get
dist-upgrade immediately.

also if your name server has inexplicably crashed recently as you
appear to have observed in an earlier message you should audit your
system very carefully.  the exploit for your version of bind causes
named to crash but not before running /bin/sh for the attacker.  if
you run bind as root (NOT recommended) you end up with a root
compromise.  

in short never ever run bind in the default debian configuration,
always rewrite its initscript to run it as named.named (you need to
add this user and group) and inside a chroot jail.  i have an
initscript patch which will take care of automatically updating the
chroot jail and run named unprivileged in chroot, just mail me if
you're interested.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
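
A check for the two conditions the message names (named not running as root, and named running inside a chroot), as an added example that is not part of the original post and is not the initscript patch it mentions. It assumes the initscript starts named with named's own -u <user> and -t <dir> options; the function name and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example. Reads `ps -eo user,args` style lines on stdin and reports
# every named process that runs as root or without a chroot directory.
# Assumption: the chroot is requested with named's -t <dir> option.

audit_named() {
    bad=0
    while read -r owner cmd args; do
        # Only look at processes whose executable is named.
        [ "${cmd##*/}" = named ] || continue
        jail=
        set -f              # no globbing while splitting the argument string
        set -- $args
        set +f
        while [ $# -gt 0 ]; do
            case $1 in
                -t)   [ $# -ge 2 ] && { jail=$2; shift; } ;;
                -t?*) jail=${1#-t} ;;
            esac
            shift
        done
        verdict=OK
        # ps shows the user the process runs as now, i.e. after any -u drop.
        case $owner in root|0) verdict=FAIL ;; esac
        # No -t argument, or a "jail" of /, means no chroot at all.
        case $jail in ''|/) jail=none; verdict=FAIL ;; esac
        [ "$verdict" = FAIL ] && bad=$((bad + 1))
        echo "$verdict user=$owner chroot=$jail"
    done
    [ "$bad" -eq 0 ]        # non-zero exit status if any named failed
}

# Constructed sample input, not captured from a real host.
SAMPLE='root /usr/sbin/named
named /usr/sbin/named -u named -g named -t /var/named
named /usr/sbin/named -u named
root /usr/sbin/sshd -D'

printf '%s\n' "$SAMPLE" | audit_named || true
# On a live host: ps -eo user,args | audit_named
```

The check only reads the command line, so it shows what the initscript asked for; on Linux the root directory a running process actually has can be confirmed from /proc/<pid>/root.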
