on Fri, Mar 23, 2001 at 12:53:59PM -0500, John Cuson (jcuson@labs.isdh.state.in.us) wrote:
> forwarded sans alert ...
>
> john cuson
> (jcuson@labs.isdh.state.in.us, jcuson@alumni.indiana.edu)
>
> "Why, sometimes I've believed as many as six impossible things
> before breakfast."
>
> Date: Fri, 23 Mar 2001 10:39:47 -0700 (MST)
> From: The SANS Institute <securityalert@sans.org>
> Subject: ALERT - A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET
> Errors-To: bounce@sans.org
> To: John Cuson (SD132462) <jcuson@gwnet.isd.state.in.us>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ALERT! A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET
>
> March 23, 2001 7:00 AM
<...>
> DESCRIPTION
>
> The Lion worm is similar to the Ramen worm. However, this worm is
> significantly more dangerous and should be taken very seriously. It
> infects Linux machines running the BIND DNS server. It is known to
> infect bind version(s) 8.2, 8.2-P1, 8.2.1, 8.2.2-Px, and all
> 8.2.3-betas. The specific vulnerability used by the worm to exploit
> machines is the TSIG vulnerability that was reported on January 29,
> 2001.
Note that
Package: bind
Version: 1:8.2.3-4
...is a production (not beta) 8.2 BIND, and is *not* vulnerable to the
exploit mentioned in this alert. Run your updates, you should have been
covered as of late January if you're keeping current.
--
Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/
What part of "Gestalt" don't you understand? There is no K5 cabal
http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org
Attachment:
pgpZXCtInTOxo.pgp
Description: PGP signature