on Fri, Mar 23, 2001 at 12:53:59PM -0500, John Cuson ([EMAIL PROTECTED]) wrote: > forwarded sans alert ... > > john cuson > ([EMAIL PROTECTED], [EMAIL PROTECTED]) > > "Why, sometimes I've believed as many as six impossible things > before breakfast." >
> Date: Fri, 23 Mar 2001 10:39:47 -0700 (MST)
> From: The SANS Institute <[EMAIL PROTECTED]>
> Subject: ALERT - A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET
> Errors-To: [EMAIL PROTECTED]
> To: John Cuson (SD132462) <[EMAIL PROTECTED]>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ALERT! A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET
>
> March 23, 2001 7:00 AM
<...>
> DESCRIPTION
>
> The Lion worm is similar to the Ramen worm. However, this worm is
> significantly more dangerous and should be taken very seriously. It
> infects Linux machines running the BIND DNS server. It is known to
> infect bind version(s) 8.2, 8.2-P1, 8.2.1, 8.2.2-Px, and all
> 8.2.3-betas. The specific vulnerability used by the worm to exploit
> machines is the TSIG vulnerability that was reported on January 29,
> 2001.
Note that
Package: bind
Version: 1:8.2.3-4
...is a production (not beta) 8.2 BIND, and is *not* vulnerable to the
exploit mentioned in this alert. Run your updates, you should have been
covered as of late January if you're keeping current.
--
Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/
What part of "Gestalt" don't you understand? There is no K5 cabal
http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org
pgpXau15awgBT.pgp
Description: PGP signature
