on Fri, Mar 23, 2001 at 12:53:59PM -0500, John Cuson ([EMAIL PROTECTED]) wrote: > forwarded sans alert ... > > john cuson > ([EMAIL PROTECTED], [EMAIL PROTECTED]) > > "Why, sometimes I've believed as many as six impossible things > before breakfast." >
> Date: Fri, 23 Mar 2001 10:39:47 -0700 (MST) > From: The SANS Institute <[EMAIL PROTECTED]> > Subject: ALERT - A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET > Errors-To: [EMAIL PROTECTED] > To: John Cuson (SD132462) <[EMAIL PROTECTED]> > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > ALERT! A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET > > March 23, 2001 7:00 AM <...> > DESCRIPTION > > The Lion worm is similar to the Ramen worm. However, this worm is > significantly more dangerous and should be taken very seriously. It > infects Linux machines running the BIND DNS server. It is known to > infect bind version(s) 8.2, 8.2-P1, 8.2.1, 8.2.2-Px, and all > 8.2.3-betas. The specific vulnerability used by the worm to exploit > machines is the TSIG vulnerability that was reported on January 29, > 2001. Note that Package: bind Version: 1:8.2.3-4 ...is a production (not beta) 8.2 BIND, and is *not* vulnerable to the exploit mentioned in this alert. Run your updates, you should have been covered as of late January if you're keeping current. -- Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/ What part of "Gestalt" don't you understand? There is no K5 cabal http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org
pgpXau15awgBT.pgp
Description: PGP signature