by Tom Com » Thu, 06 Mar 1997 04:00:00
Hello,
Is there a patch for ntalk that fixes the hole reported by
CA-97.04? I've upgraded our DNS server to bind 4.9.5 but
would like a patch in case we are also being resolved by
binds that are suceptible. Thanks.
--
Academic Computing & Network Services Voice: (904) 644-2591
Florida State University Tallahassee, Fl.
1. HTTPD and CERT advisory CA-97.07
While looking in the logs of an NCSA HTTPD for possible hacker evidence,
I noted something odd, which I prefer not to describe in detail.
Anyhow, I looked around at NCSA to see if I could see the relevant
security exposure described, and I couldn't. At first I didn't find
anything on dejanews either.
But later on, I found a reference to CERT Advisory CA-97.07, which
described the situation exactly, and mentioned other servers that might
be affected.
Recommendation: disable nph-test-cgi (and read the advisory, of
course).
ftp://info.cert.org/pub/cert_advisories/CA-97.07.nph-test-cgi_script
Hope this is useful to someone else. It doesn't seem to have been
mentioned in this group, but as it's no secret on the security
groups, I presume the serious hackers all know it anyway.
3. rlogin vulnerability: CERT Advisory CA-97.06
5. CERT Advisory CA-97.06: BAD rlogin_wrapper.c installation
6. iMac Linux Site - updated (kernel build howto etc)
7. SunOS not vulnerable to rlogin bug (CERT CA-97.06)
8. Configuring server by web interface
9. Please help! L 04 04 04 04 04 04 04 04 10 10 10 10 04 10ILO
11. COMMERCIAL: German Linux Magazine 04/97
12. two questions - ppp patch - 101425-04 ( not 101424-04)
13. Bootdisk displays l04 04 04 04 continuosuly