> There are generally no holes in Linux per se which allow remote users to
> obtain root access. However (especially if you have an older system)
> there might be flaws in various server daemons that could allow users to
> obtain unauthorized access or, in some cases, unauthorized root access.
> Apache, telnet, sendmail, sendmail, inn, sendmail, imapd, sendmail, and
> others, all have had this problem at one time or another. The most recent
> program with this problem has been named. And even if it is a minor hole
> that only allows remote access, rather than remote root access, they could
> still use one hole to get in and another hole to get from there to root.
there was an advisory published by CERT on april 8 of this year about
an exploit in bind (i.e. named) that allows remote hackers a break-in
with root access. i know of many computers that have been compromised
by this (even though none of them had any business running named in
the first place). the stock bind that comes with redhat 5.0 or earlier
IS VULNERABLE! either get rid of it if you don't need it or grab the
update post haste to protect yourself. bind is only the most recent
one. there have been many others like those mentioned above so
definitely upgrade if you're running anything less than 4.2 or 5.1
with all of the latest updates.
redhat is generally very good about making fixes available very
quickly when exploits or security problems are found. it is in
everyone's best interest to take advantage of that. even though my
machines haven't been hacked, other people's machines on the network
here were and password sniffers were installed and run on them.
fortunately, it was caught pretty quickly, but it still forced
everyone to change their passwords which is annoying. it did give me
more ammo to throw at the solaris admins to convince them to start
running ssh.
tim
--
Time is like fingers A | Tim Pickering ([EMAIL PROTECTED])
Gesturing for me to stop -- Quake | UA Steward Observatory
Why is the sun up? Haiku | Tucson, AZ 85721 520-621-6523
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
To unsubscribe: mail [EMAIL PROTECTED] with
"unsubscribe" as the Subject.
