[18676] in bugtraq
Ramen vs. Immunix
daemon@ATHENA.MIT.EDU (Crispin Cowan)
Thu Jan 18 12:55:32 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <3A6645B2.EBF6D08F@wirex.com>
Date: Wed, 17 Jan 2001 17:24:02 -0800
Reply-To: crispin@WIREX.COM
From: Crispin Cowan <crispin@WIREX.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
ZDnet http://www.zdnet.com/zdnn/stories/news/0,4586,2675147,00.html and
MSNBC http://www.msnbc.com/news/517622.asp?0cm=c20 have been reporting a
new Linux worm today, highly similar to the Morris worm. Curiously,
Bugtraq has been silent on this issue, but securityfocus.com now has a
good technical article up http://www.securityfocus.com/news/139
Upon reading the Securityfocus article, we found that all three of the
attacks used by Ramen are stopped by FormatGuard
http://immunix.org/formatguard.html
* WU-FTPD format bug
http://www.securityfocus.com/vdb/bottom.html?vid=1387
* rpc.statd format bug
http://www.securityfocus.com/vdb/bottom.html?vid=1480
* LPRng format bug
http://www.securityfocus.com/vdb/bottom.html?vid=1712
Therefore, Immunix System 7 is invulnerable to Ramen.
Crispin
--
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution: http://immunix.org
