By overflowing the buffer of several services a user can gain access to a root shell with very little effort. The most known ports for attack are 111 and 143. I have had 3 servers all in different parts of the country get taken down within a months time due to the same attack. This problem has been around for years but only recently heavily exploited. A fixed version of all the vulnerable services should have been included in RedHat releases long ago. There are widely available scripts to portscan large ip ranges to find linux machines vulnerable to the attack. A FIX TO THIS PROBLEM SHOULD BE OF TOP PRIORITY TO REDHAT IMMEDIATELY AND REDHAT SHOULD BE WARNING ANYONE WHO VISITS THEIR WEB SITE OF THE PROBLEM AND OFFER A PATCH TO CORRECT IT. BY NOT DOING SO REDHAT WILL LOSE MUCH CREDIBILITY WITH MUCH NEEDED LINUX-TO-BE CUSTOMERS. Bottom line is that no linux machine with internet presence is safe from this attack and until RedHat does something to correct the problem, and therefore I would not recommnd anyone use it until then. Please do your best to correct the problem immediately. A redhat release version 5.21 or something is not too much to ask to fix such a major problem--one that should have been corrected long ago.
Why did you use the "Component: nfs-server" in this bug report? Port 111 is sun-rpc and 143 is imap and they have nothing to do with nfs-server component. Also, are you sure you had all the latest security updates installed when your computers were compromized? I am afraid you did not provide enough information about these vulnerabilities. I am sure RedHat already included fixes for all well-known vulnerabilities long time ago and if you know something they've missed, you'd better provide more information.
> You dont really have a "general" category so nfs is the closest > since its the most often attacked. > I don't work for RedHat - I am just an ordinary user. > No. I did not have the latest security updates installed because > 1) red hat did not inform me of the updates, > You did not read RedHat Installation Guide carefully enough. It mentions the redhat-announce-list and gives the link to RedHat Errata - http://www.redhat.com/support/docs/errata.html > I am well aware that fixes exist, my complaint lies in the fact that > redhat still release buggy services. Redhat 5.2 was released last > month and still does not have "fixed versions" > I find that RedHat always releases security fixes quickly. If you are aware of some _particular_ problems that exist in RH5.2 and are not yet fixed, it probably means that RedHat is not aware of these problems and you should create a new bug reports describing those problems and ways to fix them. > >+I am afraid you did not provide enough information about these > >+vulnerabilities. I am sure RedHat already included fixes for all > >+well-known vulnerabilities long time ago and if you know something > >+they've missed, you'd better provide more information. > > > I installed everything out of the box as it comes in redhat 5.2 > which is my justification in saying that vulnerable versions are > still being distributed. I made no changes to the services which are > being attacked. > By "provide enough information" I mean "provide enough information so that people at RedHat could verify the existance of the problem and fix it", not just "enough information for someone who already knows about all the vulnerabilities of all services in RedHat to guess what you mean". > could you at least point me to a page that contains ALL known > secutiry holes (old or new) and how to guard against them. http://www.redhat.com/support/docs/errata.html P.S. The comments that are added to bugzilla via Web - http://developer.redhat.com/bugzilla/show_bug.cgi?id=1049 are easier to read than those that are sent by e-mail.