Re: Ramen vs. Immunix

["Blake R. Swopes" <bhodi () BIGFOOT COM>]

Ramen is getting a lot of interest in the Incidents list, which is where it
was discovered. Anyone interested might want to take a look at the archived
posts from that list, starting with the discussion of an increase in sunrpc
scans.

> -----Original Message-----
> From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of
> Crispin Cowan
> Sent: Wednesday, January 17, 2001 5:24 PM
> To: BUGTRAQ () SECURITYFOCUS COM
> Subject: Ramen vs. Immunix
>
>
> ZDnet
> http://www.zdnet.com/zdnn/stories/news/0,4586,2675147,00.html and
> MSNBC http://www.msnbc.com/news/517622.asp?0cm=c20 have been
> reporting a
> new Linux worm today, highly similar to the Morris worm.  Curiously,
> Bugtraq has been silent on this issue, but securityfocus.com now has a
> good technical article up http://www.securityfocus.com/news/139
>
> Upon reading the Securityfocus article, we found that all three of the
> attacks used by Ramen are stopped by FormatGuard
> http://immunix.org/formatguard.html
>
>    * WU-FTPD format bug
>      http://www.securityfocus.com/vdb/bottom.html?vid=1387
>    * rpc.statd format bug
>      http://www.securityfocus.com/vdb/bottom.html?vid=1480
>    * LPRng format bug
>      http://www.securityfocus.com/vdb/bottom.html?vid=1712
>
>  Therefore, Immunix System 7 is invulnerable to Ramen.
>
> Crispin
>
> --
> Crispin Cowan, Ph.D.
> Chief Research Scientist, WireX Communications, Inc. http://wirex.com
> Free Hardened Linux Distribution:
> http://immunix.org