[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux] BIND with Linux distributions



Je pense que ceci peut en intéresser plus d'un :

Linux tips for May 4, 2001
Security alert: Have you upgraded BIND?
The Berkeley Internet Name Domain (BIND) server that is commonly included with Linux distributions contains at least four known vulnerabilities that intruders are beginning to exploit, according to the CERT Coordination Center. Because BIND provides most of the domain name services for the Internet, these vulnerabilities could prove disastrous if system administrators fail to update to the latest version of BIND—and apparently, many have failed to do so. If you're running BIND on an internal network or one that's connected to the Internet, be sure to check your Linux distribution's support page to make sure you're running the latest version. For example, Red Hat is making updated BIND packages available on its site.
Security alert: rpc.statd (NFS)
An input validation vulnerability in the rpc.statd service enables intruders to gain root access to Linux systems. This service is generally included in the utilities provided with Network File System (NFS) support. If you are running NFS on your network, visit your Linux distribution's support page to obtain an upgraded copy of rpc.statd—and do so without delay. Unlike most of the vulnerabilities we warn you about, this one has already resulted in numerous system compromises. For more information, see the CERT Coordination Center's page on rpc.statd vulnerabilities.


[ Soyez précis dans vos sujets svp afin de déterminer directement ]
[ le type de demande... ]
[ Pour vous (dés)inscrire, aller sur http://linuxbe.org/ml.php ]
[ http://LinuxBe.org Contact: listmaster@linuxbe.org ]