Eat the Worm: What version of BIND is in final?
Mac Elite
Join Date: Oct 2000
Location: Seattle
There is a rare and deadly virus now hitting Linux boxes that could also hit other Unix types. It attacks the BIND DNS server. http://www.sans.org
"..the final stable release of BIND 8.2.3 is believed to be not susceptible to the worm's attacks."
What version do we have? I don't want to get hit with something this nasty right out the door.
For non-unix people:
There is no reason to panic. This stuff is NOT running on OSX unless you go out of your way to turn it on.
You can take the dude out of So Cal, but you can't take the dude outta the dude, dude!
Professional Poster
Join Date: Jan 2000
If it's for X86 Linux then it can't run on OS X.
Grizzled Veteran
Join Date: Sep 1999
Location: Boston, MA USA
Originally posted by Scott_H:
If it's for X86 Linux then it can't run on OS X.
I don't know if it's safe to ignore this. I don't think many of these worms are processor-specific. After reading the info on the lion worm (http://www.sans.org/y2k/lion.htm), it appears to access vulnerabilities in systems that may be available in BSD systems as well. I haven't heard anything specific about how this worm affects BSD systems, but the description seems to focus on vulnerabilities in GNU apps, of which MacOSX has plenty.
Can anyone with more Unix experience confirm/deny that this can affect MacOSX or Free/Net/OpenBSD systems?
anon
I'd have to agree with dogzilla. Once an exploit like BIND is known, it's a simple matter to gain access to the root shell. There are already PPC binaries that will do this.
So, given the BIND exploit, substitution of a little x86 code with the known PPC code, a cracker can easily gain access to the root shell. This would easily become an OS X "root-kit" that crackers will happily exchange amongst themselves.
Of course, OS X doesn't ship with the root account enabled. But probably anyone running DNS off OS X would enable root to get admin work done.
Mac Elite
Join Date: Oct 2000
Location: Seattle
I got X today and checked it out.
There is no BIND included so this is not a problem for us at all.
They gave us 'named' instead.
The security updates on Linux are a pain and you can get outdated and out of sync. Let's hope the System Software Updater can keep us ahead of the curve. We should have all the latest Darwin updates, bug fixes and security tweaks, the day they come out - automatically.
We probably ought to let this thread die so we don't scare anybody.
You can take the dude out of So Cal, but you can't take the dude outta the dude, dude!
Mac Enthusiast
Join Date: Sep 2000
Location: New York, NY USA
Is bind/named even turned on by default on 1.0? I don't see it running.
anon
Is bind/named even turned on by default on 1.0? I don't see it running.
No, as the original post said
For non-unix people: There is no reason to panic. This stuff is NOT running on OSX unless you go out of your way to turn it on.
And even if it were, the release included is
so what is important to remember is that
"..the final stable release of BIND 8.2.3 is believed to be not susceptible to the worm's attacks."
And there is no need to be concerned at all.
Quod Erat Demonstrandum
Junior Member
Join Date: Jan 2000
Location: Northern California
So it's not turned on by default...
Is there any way to make it automatically turn on on startup?
Caio
------------------
"My software never has bugs. It merely develops random, undocumented features."
-Anonymous
Mac Elite
Join Date: Oct 2000
Location: Seattle
is there any way to make it automatically turn on on startup?
Add a folder for it in /system/library/startupitems/
Look around in there, you'll get the idea. I did this for MySQL by copying the Apache folder then changing the names.
To make it work add a line for it with -YES- in /etc/hostconfig
You can take the dude out of So Cal, but you can't take the dude outta the dude, dude!
Mac Elite
Join Date: Oct 2000
Location: Seattle
Me: There is no BIND included so this is not a problem for us at all.
they gave us 'named' instead.
Albert: named = BIND
Doh!
I thought they were two divergent branches of the same tree.
You can take the dude out of So Cal, but you can't take the dude outta the dude, dude!
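
The two questions this thread keeps returning to (is named set to start at boot, and is the installed BIND at least the final 8.2.3 release) can be checked together. The script below is an added example, not code from any poster; the DNSSERVER key name, the sample hostconfig contents and the version suffixes (-REL, -P5, -T9B) are assumptions.

```shell
#!/bin/sh
# Added example. DNSSERVER as the key name, the sample file and the version
# suffixes (-REL, -P5, -T9B) are assumptions, not taken from the thread.

# hostconfig_flag FILE KEY: is KEY set to -YES- in a hostconfig-style file?
hostconfig_flag() {
    # Strip comments; the last assignment wins, as it would if the file were sourced.
    val=$(sed 's/#.*$//' "$1" | awk -F= -v k="$2" '
        { gsub(/^[ \t]+|[ \t]+$/, "", $1) }
        $1 == k { v = $2 }
        END { gsub(/[ \t"]/, "", v); print v }')
    case "$val" in
        -YES-) echo enabled ;;
        -NO-|'') echo disabled ;;
        *) echo "unknown:$val" ;;
    esac
}

# bind_needs_review VERSION: succeeds unless VERSION is 8.2.3 final or newer.
bind_needs_review() {
    num=${1%%-*}; suffix=${1#"$num"}
    case "$num" in ''|*[!0-9.]*) return 0 ;; esac   # unparseable: review it
    oldIFS=$IFS; IFS=.; set -- $num; IFS=$oldIFS
    for want in 8 2 3; do
        have=${1:-0}; [ $# -gt 0 ] && shift
        if [ "$have" -lt "$want" ]; then return 0; fi
        if [ "$have" -gt "$want" ]; then return 1; fi
    done
    # Exactly 8.2.3: a pre-release is not the final stable release.
    case "$suffix" in ''|-REL) return 1 ;; *) return 0 ;; esac
}

audit_named() {   # audit_named HOSTCONFIG VERSION
    state=$(hostconfig_flag "$1" DNSSERVER)
    if bind_needs_review "$2"; then ver=before-8.2.3-final; else ver=8.2.3-final-or-later; fi
    echo "autostart=$state version=$ver"
}

# Constructed sample input, removed again when the script exits.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed hostconfig sample
WEBSERVER=-NO-
DNSSERVER=-NO-     # default in this sample
DNSSERVER=-YES-    # later edit by an admin
EOF
audit_named "$sample" "8.2.2-P5"   # autostart=enabled version=before-8.2.3-final
```

A result of `before-8.2.3-final` only means the version is older than the release the quoted advisory calls not susceptible; it is a prompt to check, not a verdict.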