[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] [RaQ3] A tale about an OS update, bind and a worm

Subject: Re: [cobalt-users] [RaQ3] A tale about an OS update, bind and a worm
From: SM <nntp@xxxxxxxxx>
Date: Mon Sep 3 07:28:04 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

At 10:30 03-09-2001 +0300, Per M Knutsen wrote:
>The culprit was a bind worm, which was kind of weird as I had secured
>myself against the bind exploit long time ago. Reading the profile above, I
>realized I had done the same mistake of updating my RaQ3 with the OS Update
>4.0 .pkg, which effectively downgraded my hardened bind to an exploitable
>one. The "update" was applied a few days ago. The funny thing is that I
>also applied the bind update about 10 minutes later! In other words, in the
>10 minutes it took me to apply the bind update after the OS update, some
>mother**** had already planted his seeds in my RaQ!

A package should not downgrade to the previous version of an apps without
asking the user for confirmation.  It might be difficult to implement in
the current RaQ3 Web UI.

Never put off a security update.  10 minutes can a long time. :)

Regards,
-sm

References:
- [cobalt-users] [RaQ3] A tale about an OS update, bind and a worm
  - From: Per M Knutsen

Prev by Date: RE: [cobalt-users] XML
Next by Date: RE: [cobalt-users] Very slow FTP uploads
Previous by thread: RE: [cobalt-users] [RaQ3] A tale about an OS update, bind and a worm
Next by thread: [cobalt-users] transfer monitor [raq3]

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index