linux, säkerhet

5974465 2001-01-17 17:24 -0800  /31 rader/ Crispin Cowan <crispin@WIREX.COM>
Sänt av: joel@lysator.liu.se
Importerad: 2001-01-18  18:49  av Brevbäraren (som är implementerad i) Python
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: crispin@WIREX.COM
Mottagare: Bugtraq (import) <14874>
Ärende: Ramen vs. Immunix
------------------------------------------------------------
From: Crispin Cowan <crispin@WIREX.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <3A6645B2.EBF6D08F@wirex.com>

ZDnet http://www.zdnet.com/zdnn/stories/news/0,4586,2675147,00.html
and MSNBC http://www.msnbc.com/news/517622.asp?0cm=c20 have been
reporting a new Linux worm today, highly similar to the Morris worm.
Curiously, Bugtraq has been silent on this issue, but
securityfocus.com now has a good technical article up
http://www.securityfocus.com/news/139

Upon reading the Securityfocus article, we found that all three of the
attacks used by Ramen are stopped by FormatGuard
http://immunix.org/formatguard.html

   * WU-FTPD format bug
     http://www.securityfocus.com/vdb/bottom.html?vid=1387
   * rpc.statd format bug
     http://www.securityfocus.com/vdb/bottom.html?vid=1480
   * LPRng format bug
     http://www.securityfocus.com/vdb/bottom.html?vid=1712

 Therefore, Immunix System 7 is invulnerable to Ramen.

Crispin

--
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution:                    http://immunix.org
(5974465) --------------------------------(Ombruten)
5975413 2001-01-18 12:11 -0800  /48 rader/ Blake R. Swopes <bhodi@BIGFOOT.COM>
Sänt av: joel@lysator.liu.se
Importerad: 2001-01-19  01:27  av Brevbäraren (som är implementerad i) Python
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: bhodi@BIGFOOT.COM
Mottagare: Bugtraq (import) <14895>
Kommentar till text 5974465 av Crispin Cowan <crispin@WIREX.COM>
Ärende: Re: Ramen vs. Immunix
------------------------------------------------------------
From: "Blake R. Swopes" <bhodi@BIGFOOT.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <000201c0818a$c9684e20$0300000a@TheWell.LAN>

Ramen is getting a lot of interest in the Incidents list, which is
where it was discovered. Anyone interested might want to take a look
at the archived posts from that list, starting with the discussion of
an increase in sunrpc scans.

> -----Original Message-----
> From: Bugtraq List [mailto:BUGTRAQ@SECURITYFOCUS.COM]On Behalf Of
> Crispin Cowan
> Sent: Wednesday, January 17, 2001 5:24 PM
> To: BUGTRAQ@SECURITYFOCUS.COM
> Subject: Ramen vs. Immunix
>
>
> ZDnet
> http://www.zdnet.com/zdnn/stories/news/0,4586,2675147,00.html and
> MSNBC http://www.msnbc.com/news/517622.asp?0cm=c20 have been
> reporting a
> new Linux worm today, highly similar to the Morris worm.  Curiously,
> Bugtraq has been silent on this issue, but securityfocus.com now has a
> good technical article up http://www.securityfocus.com/news/139
>
> Upon reading the Securityfocus article, we found that all three of the
> attacks used by Ramen are stopped by FormatGuard
> http://immunix.org/formatguard.html
>
>    * WU-FTPD format bug
>      http://www.securityfocus.com/vdb/bottom.html?vid=1387
>    * rpc.statd format bug
>      http://www.securityfocus.com/vdb/bottom.html?vid=1480
>    * LPRng format bug
>      http://www.securityfocus.com/vdb/bottom.html?vid=1712
>
>  Therefore, Immunix System 7 is invulnerable to Ramen.
>
> Crispin
>
> --
> Crispin Cowan, Ph.D.
> Chief Research Scientist, WireX Communications, Inc. http://wirex.com
> Free Hardened Linux Distribution:
> http://immunix.org
>
(5975413) --------------------------------(Ombruten)