[svlug] bind vulnerability

Rick Moen rick at linuxmafia.com
Mon Mar 26 14:59:02 PST 2001


begin Gordon Vrololjak quotation:

> I was wondering what I should do for prevention on the system? 

1.  Examine your system for signs of security compromise.  (No, I do
    _not_ mean running canned "checkers" like "lionfind".)
2.  Apply other obvious, sysadmin-standard measures to reduce your
    exposure.
3.  Upgrade to BIND v. 8.2.3.  (It's possible that Red Hat's v.
    "8.2.2_P7-0.6.2" includes the TSIG patch.  What do the docs say?
    When was it released?  If prior to Jan. 26, obviously it cannot.)
4.  Install and maintain some suitable IDS of your choosing, e.g. AIDE
    or Tripwire.  See:  http://packetstorm.securify.com/UNIX/IDS/

When you say "prevention", I assume you mean "prevention of security
compromise".  People who seek "prevention" specifically of worm software
that can only be installed by first compromising system security are
kind of missing the point.

> I've been keeping up with all the updates from redhat's website, but I see
> nothing on the new bind vulnerability.

Once again, this is _not_ a new vulnerability.  BIND 8.2.3 fixed the TSIG
bug two months ago.  http://www.isc.org/products/BIND/bind-security.html

-- 
Cheers,                                      Right to keep and bear
Rick Moen                                  Haiku shall not be abridged
rick at linuxmafia.com                           Or denied.  So there.



