LinuxSA Mailing list archives

  From: Alan Kennington <akenning@dog.topology.org>
  To  : LinuxSA <linuxsa@linuxsa.org.au>
  Date: Tue, 30 Jan 2001 11:03:06 +1030

apparent vulnerability of [Redhat] linux 6.2

As some of you may know, I report scan probes from time to time.
Here's an interesting response from Rutgers.

I gather that they mean RedHat linux 6.2 when they say linux 6.2.

It seems to me that there have been a lot of reports of
the vulnerability of Redhat 6.2 in the last few months.
Is that so? Is it particularly weak?

I know that my own old 5.2 machines were particularly weak on
security. I wonder if the *.2 versions are just somehow
inherently weak. Maybe not....

Since I haven't had permission to publish the quoted e-mail,
I'll anonymise it a little.

I think this experience just reinforces that RedHat (and probably other
distributions too) should never be put on the net without
a lot of serious configuration and patching.
Yes I know that this is obvious to very many people.
But not everyone was born with a keyboard in their hand.
Some people still think that you can just install linux and
start work without a good computer security grounding!

Cheers,
Alan Kennington.

----- Forwarded message from "xxxx" <xxxx@scils.rutgers.edu> -----

Date: Mon, 29 Jan 2001 18:49:22 -0500 (EST)
From: "xxxx" <xxxx@scils.rutgers.edu>
To: akenning@dog.topology.org
Subject: Re: probe by  165.230.162.206 (datafusion.rutgers.edu) (fwd)

To Whom it may concern:

I am the Assistant Dean for Network & Information Technology at the
School of Communication, Information and Library Studies at Rutgers
University.  I wanted to write to you to apologize for the recent
intrusion of your system by one of our faculty systems.  The system in
question was a PC running Linux 6.2.  Our internal investigation
indicated that this system was not installed by a system admin. with
security expertise.  It was installed for legitimate faculty research
but the security policies were not adequately configured and patches
not applied properly.

I have determined that the system was hacked and compromised.  This
system has been disabled and will not be re-activated.  It will be
wiped clean and re-installed by properly trained personnel and only
then approved for re-introduction to the network.

I do apologize for any inconvenience or distress this system may
have caused your organization.  I will work diligently to see to it
that none of our systems are again responsible for any intrusion.

Thank you for your patience and understanding.

Respectfully,

xxxx

[....]

----- End forwarded message -----

-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject