[18699] in bugtraq
Re: Ramen vs. Immunix
daemon@ATHENA.MIT.EDU (Blake R. Swopes)
Thu Jan 18 18:33:36 2001
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <000201c0818a$c9684e20$0300000a@TheWell.LAN>
Date: Thu, 18 Jan 2001 12:11:03 -0800
Reply-To: "Blake R. Swopes" <bhodi@BIGFOOT.COM>
From: "Blake R. Swopes" <bhodi@BIGFOOT.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <3A6645B2.EBF6D08F@wirex.com>
Ramen is getting a lot of interest in the Incidents list, which is where it
was discovered. Anyone interested might want to take a look at the archived
posts from that list, starting with the discussion of an increase in sunrpc
scans.
> -----Original Message-----
> From: Bugtraq List [mailto:BUGTRAQ@SECURITYFOCUS.COM]On Behalf Of
> Crispin Cowan
> Sent: Wednesday, January 17, 2001 5:24 PM
> To: BUGTRAQ@SECURITYFOCUS.COM
> Subject: Ramen vs. Immunix
>
>
> ZDnet
> http://www.zdnet.com/zdnn/stories/news/0,4586,2675147,00.html and
> MSNBC http://www.msnbc.com/news/517622.asp?0cm=c20 have been
> reporting a
> new Linux worm today, highly similar to the Morris worm. Curiously,
> Bugtraq has been silent on this issue, but securityfocus.com now has a
> good technical article up http://www.securityfocus.com/news/139
>
> Upon reading the Securityfocus article, we found that all three of the
> attacks used by Ramen are stopped by FormatGuard
> http://immunix.org/formatguard.html
>
> * WU-FTPD format bug
> http://www.securityfocus.com/vdb/bottom.html?vid=1387
> * rpc.statd format bug
> http://www.securityfocus.com/vdb/bottom.html?vid=1480
> * LPRng format bug
> http://www.securityfocus.com/vdb/bottom.html?vid=1712
>
> Therefore, Immunix System 7 is invulnerable to Ramen.
>
> Crispin
>
> --
> Crispin Cowan, Ph.D.
> Chief Research Scientist, WireX Communications, Inc. http://wirex.com
> Free Hardened Linux Distribution:
> http://immunix.org
>
