[NTLUG:Discuss] A Vulnerability question
Bug Hunter
bughuntr at one.ctelcom.net
Mon Oct 8 10:35:47 CDT 2001
On Mon, 8 Oct 2001, Dennis Myhand wrote:
> Okay, I realize this may be a very simplistic sounding question, BUT...
>
> Whenever there is a vulnerability announced, such as for BIND, or
> another such program (Like everything on my wife's Winderz machine), am
> I vulnerable if I,
>
> 1.) Am not running that program, like not even configured but on my
> system?,
if it is not running in memory ( ps ax | grep name), you are not
vunerable to that program's problems for a remote exploit.
if someone gets into your machine and causes the program to run, ...
>
> 2.) Am running a firewall and not running that program, same situation
> as 1?,
if that program is running on a machine behind a firewall, you are
usually exposed only to people behind the firewall. Unless the firewall
forwards packets for that program's services to that machine.
>
> 3.) Or am simply running a firewall with that program running?
if that program is running on the firewall, you are vunerable.
>
> TNX, Dennis in Victoria
More information about the Discuss
mailing list