Bugtraq mailing list archives
Re: Ramen vs. Immunix
From: "Blake R. Swopes" <bhodi () BIGFOOT COM>
Date: Thu, 18 Jan 2001 12:11:03 -0800
Ramen is getting a lot of interest in the Incidents list, which is where it was discovered. Anyone interested might want to take a look at the archived posts from that list, starting with the discussion of an increase in sunrpc scans.
-----Original Message----- From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of Crispin Cowan Sent: Wednesday, January 17, 2001 5:24 PM To: BUGTRAQ () SECURITYFOCUS COM Subject: Ramen vs. Immunix ZDnet http://www.zdnet.com/zdnn/stories/news/0,4586,2675147,00.html and MSNBC http://www.msnbc.com/news/517622.asp?0cm=c20 have been reporting a new Linux worm today, highly similar to the Morris worm. Curiously, Bugtraq has been silent on this issue, but securityfocus.com now has a good technical article up http://www.securityfocus.com/news/139 Upon reading the Securityfocus article, we found that all three of the attacks used by Ramen are stopped by FormatGuard http://immunix.org/formatguard.html * WU-FTPD format bug http://www.securityfocus.com/vdb/bottom.html?vid=1387 * rpc.statd format bug http://www.securityfocus.com/vdb/bottom.html?vid=1480 * LPRng format bug http://www.securityfocus.com/vdb/bottom.html?vid=1712 Therefore, Immunix System 7 is invulnerable to Ramen. Crispin -- Crispin Cowan, Ph.D. Chief Research Scientist, WireX Communications, Inc. http://wirex.com Free Hardened Linux Distribution: http://immunix.org
Current thread:
- Ramen vs. Immunix Crispin Cowan (Jan 18)
- Re: Ramen vs. Immunix Blake R. Swopes (Jan 18)