older security bug in bind?
Duane Cox
dcox at coxnetwork.com
Tue May 2 21:10:02 UTC 2000
Hello
I run the latest versin of bind on our nameservers,
but I did have a caching only ns running bind 8.2-6
Somehow someone did get access to the box by some process I am not sure of, I just suspect named.
There was a process running /dev/.../ns that i have deleted, the funny thing is who ever done this
somehow got access to destroy (possibly alter.. ??) the in.telnetd process ,
because in.telnetd was NOT authenticating from the /etc/passwd list of users..
is it possible that this older version of bind could allow someone to do that.. it was running via default settings.. (root)
Duane Cox
dcox at coxnetwork.com
More information about the bind-users
mailing list