begin Justin Mason quotation:
> The BIND vulnerability is the TSIG vulnerability that was reported
> back on January 29, 2001.
The ISC security advisory actually came out three days earlier, on
January 26. More to the immediate point, BIND v. 8.2.3 also came out,
closing the security hole. Two months ago.
Anyone dumb enough to leave machines on the Net while still vulnerable
to a notorious remote root exploit, _two months_ after the fix came out,
will need to worry about much worse things than "serious Linux worms'.
And, by the way, it is erroneous to call this a "worm infecting BIND".
It's just another automated script kiddie attack against long-known,
long-fixed-by-anyone-with-half-a-brain vulnerabilies.
For heaven's sakes, people: Those unwilling to attend to the
fundamentals of system security shouldn't run network daemons reachable
from the Internet.
--
Cheers, Right to keep and bear
Rick Moen Haiku shall not be abridged
rick at linuxmafia.com Or denied. So there.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
