On Fri, Feb 16, 2001 at 09:11:44PM -0800, Jeff Davis wrote: > I am running bind 8.2.2p7-1. vulnerable to root compromise. > Every couple days, I notice that named is just not running. No errors in > syslog, nothing. Before I had a couple duplicate entries in the > named.conf file, and I thought maybe removing them fixed the problem, > but it didn't. All I can do is just restart the daemon. I would prefer > to not wait it out continuously because I don't like the downtime, but I > did turn on a debugging option in ndc (hasn't crashed since then, but I > think it is only a matter of when). named crashes when the root exploit is run against it, but not before giving the attacker a shell. your box has probably suffered a root compromise, unless of course you changed your bind setup to not run as root (and run it in chroot preferably). -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgptAlZpnZNto.pgp
Description: PGP signature