[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[linux] BIND with Linux distributions
Je pense que ceci peut en intéresser plus d'un :
Linux tips for May 4, 2001
Security alert: Have you upgraded BIND?
The Berkeley Internet Name Domain (BIND) server that is commonly included
with Linux distributions contains at least four known vulnerabilities that
intruders are beginning to exploit, according to the CERT Coordination
Center. Because BIND provides most of the domain name services for the
Internet, these vulnerabilities could prove disastrous if system
administrators fail to update to the latest version of BIND—and apparently,
many have failed to do so. If you're running BIND on an internal network or
one that's connected to the Internet, be sure to check your Linux
distribution's support page to make sure you're running the latest version.
For example, Red Hat is making updated BIND packages available on its site.
Security alert: rpc.statd (NFS)
An input validation vulnerability in the rpc.statd service enables
intruders to gain root access to Linux systems. This service is generally
included in the utilities provided with Network File System (NFS) support.
If you are running NFS on your network, visit your Linux distribution's
support page to obtain an upgraded copy of rpc.statd—and do so without
delay. Unlike most of the vulnerabilities we warn you about, this one has
already resulted in numerous system compromises. For more information, see
the CERT Coordination Center's page on rpc.statd vulnerabilities.
[ Soyez précis dans vos sujets svp afin de déterminer directement ]
[ le type de demande... ]
[ Pour vous (dés)inscrire, aller sur http://linuxbe.org/ml.php ]
[ http://LinuxBe.org Contact: listmaster@linuxbe.org ]