5974465 2001-01-17 17:24 -0800 /31 rader/ Crispin Cowan <crispin@WIREX.COM> Sänt av: joel@lysator.liu.se Importerad: 2001-01-18 18:49 av Brevbäraren (som är implementerad i) Python Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM Externa svar till: crispin@WIREX.COM Mottagare: Bugtraq (import) <14874> Ärende: Ramen vs. Immunix ------------------------------------------------------------ From: Crispin Cowan <crispin@WIREX.COM> To: BUGTRAQ@SECURITYFOCUS.COM Message-ID: <3A6645B2.EBF6D08F@wirex.com> ZDnet http://www.zdnet.com/zdnn/stories/news/0,4586,2675147,00.html and MSNBC http://www.msnbc.com/news/517622.asp?0cm=c20 have been reporting a new Linux worm today, highly similar to the Morris worm. Curiously, Bugtraq has been silent on this issue, but securityfocus.com now has a good technical article up http://www.securityfocus.com/news/139 Upon reading the Securityfocus article, we found that all three of the attacks used by Ramen are stopped by FormatGuard http://immunix.org/formatguard.html * WU-FTPD format bug http://www.securityfocus.com/vdb/bottom.html?vid=1387 * rpc.statd format bug http://www.securityfocus.com/vdb/bottom.html?vid=1480 * LPRng format bug http://www.securityfocus.com/vdb/bottom.html?vid=1712 Therefore, Immunix System 7 is invulnerable to Ramen. Crispin -- Crispin Cowan, Ph.D. Chief Research Scientist, WireX Communications, Inc. http://wirex.com Free Hardened Linux Distribution: http://immunix.org (5974465) --------------------------------(Ombruten) 5975413 2001-01-18 12:11 -0800 /48 rader/ Blake R. Swopes <bhodi@BIGFOOT.COM> Sänt av: joel@lysator.liu.se Importerad: 2001-01-19 01:27 av Brevbäraren (som är implementerad i) Python Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM Externa svar till: bhodi@BIGFOOT.COM Mottagare: Bugtraq (import) <14895> Kommentar till text 5974465 av Crispin Cowan <crispin@WIREX.COM> Ärende: Re: Ramen vs. Immunix ------------------------------------------------------------ From: "Blake R. Swopes" <bhodi@BIGFOOT.COM> To: BUGTRAQ@SECURITYFOCUS.COM Message-ID: <000201c0818a$c9684e20$0300000a@TheWell.LAN> Ramen is getting a lot of interest in the Incidents list, which is where it was discovered. Anyone interested might want to take a look at the archived posts from that list, starting with the discussion of an increase in sunrpc scans. > -----Original Message----- > From: Bugtraq List [mailto:BUGTRAQ@SECURITYFOCUS.COM]On Behalf Of > Crispin Cowan > Sent: Wednesday, January 17, 2001 5:24 PM > To: BUGTRAQ@SECURITYFOCUS.COM > Subject: Ramen vs. Immunix > > > ZDnet > http://www.zdnet.com/zdnn/stories/news/0,4586,2675147,00.html and > MSNBC http://www.msnbc.com/news/517622.asp?0cm=c20 have been > reporting a > new Linux worm today, highly similar to the Morris worm. Curiously, > Bugtraq has been silent on this issue, but securityfocus.com now has a > good technical article up http://www.securityfocus.com/news/139 > > Upon reading the Securityfocus article, we found that all three of the > attacks used by Ramen are stopped by FormatGuard > http://immunix.org/formatguard.html > > * WU-FTPD format bug > http://www.securityfocus.com/vdb/bottom.html?vid=1387 > * rpc.statd format bug > http://www.securityfocus.com/vdb/bottom.html?vid=1480 > * LPRng format bug > http://www.securityfocus.com/vdb/bottom.html?vid=1712 > > Therefore, Immunix System 7 is invulnerable to Ramen. > > Crispin > > -- > Crispin Cowan, Ph.D. > Chief Research Scientist, WireX Communications, Inc. http://wirex.com > Free Hardened Linux Distribution: > http://immunix.org > (5975413) --------------------------------(Ombruten)