Date: Thu, 5 Apr 2001 18:24:21 -0400 (EDT)
From: elr at panix.com (MOTD [Panix])
(The following article has been automatically mirrored from MOTD)
(Posted by Ed Ravin [staff]) Thu, Apr 05 2001 -- 5:57 PM
---------------------------------------------------------------------------
All Linux, FreeBSD, NetBSD, and any other users who administer Unix machines at their home or in their workplace please take note:
The xntpd and ntpd daemons, which are used for synchronizing time between multiple machines over a network, have a security vulnerability that allows remote attackers to gain root access.
If you are using NTP on your Linux, FreeBSD, NetBSD, or any other Unix-ish operating system which you keep connected to the Internet on a regular basis, you should shut down the NTP daemon now and examine your machine for evidence of a remote attack. We have already received one report from a Panix customer who was probed Thursday night/Friday morning.
Users with commercial vendor versions of Unix (i.e. Solaris, AIX, HP-UX, etc) should contact their vendor for more information to find out if they are affected (I suspect they are, though it will take a while before someone puts together an exploit). In the meantime, you should stop running xntpd/ntpd until your vendor addresses the problem.
For further discussion, please post in panix.questions.
Windows and Mac users can safely ignore this message.
-- Ed
PS: We've received reports of Panix customers with Linux machines being hacked at the rate of 1-2 per week for the past couple of weeks - if you have ANY Linux or *BSD system that you have not updated with security fixes since January 1, or if you installed ANY Linux or *BSD system directly from the CD and have not updated it (like RedHat 6.2 or 7.0), that system is probably vulnerable to remote exploits.
--- Public Access Internet & UNIX [panix.com]