Date: Thu, 29 Mar 2001 23:55:41 -0800 From: Dima Dorfman <dima@unixfreak.org> To: Kris Kennaway <kris@obsecurity.org> Cc: Edwin Groothuis <edwin@mavetju.org>, Bart Silverstrim <bsilverstrim@tsd.k12.pa.us>, freebsd-questions@FreeBSD.ORG Subject: Re: named core dump Message-ID: <20010330075541.C3FD53E09@bazooka.unixfreak.org> In-Reply-To: <20010329121905.E5300@xor.obsecurity.org>; from kris@obsecurity.org on "Thu, 29 Mar 2001 12:19:05 -0800"
next in thread | previous in thread | raw e-mail | index | archive | help
Kris Kennaway <kris@obsecurity.org> writes: > On Thu, Mar 29, 2001 at 07:07:58PM +0200, Edwin Groothuis wrote: > > On Thu, Mar 29, 2001 at 11:57:50AM -0500, Bart Silverstrim wrote: > > > [ named dumps core ] > > > > Somebody is trying to get into your machine, upgrade to 8.2.3. See also > > ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:18.bind.asc > > And if they weren't fools, they already got root access.. Okay, I've seen enough of these e-mails to want to do something about it. Normally, I'd write up an FAQ entry about it, but that doesn't seem quite right in this case since it's so time-sensitive; i.e., after a while nobody will ask this stuff (hopefully). Anyone have any suggestions on a course of action? I'd like to document this somewhere we can point people at, but the FAQ doesn't seem the right place for it. Besides, if someone doesn't read the advisories, they probably don't read the FAQ, either, so all it'd be is an RTFM pointer (yes, we already have the advisory, but I think something that answers this "code dump" question directly is in order). Suggestions? Thanks, Dima Dorfman dima@unixfreak.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010330075541.C3FD53E09>