Date: Wed, 17 Jan 2001 17:24:02 -0800 From: Crispin Cowan <crispin@WIREX.COM> Subject: Ramen vs. Immunix To: BUGTRAQ@SECURITYFOCUS.COM ZDnet http://www.zdnet.com/zdnn/stories/news/0,4586,2675147,00.html and MSNBC http://www.msnbc.com/news/517622.asp?0cm=c20 have been reporting a new Linux worm today, highly similar to the Morris worm. Curiously, Bugtraq has been silent on this issue, but securityfocus.com now has a good technical article up http://www.securityfocus.com/news/139 Upon reading the Securityfocus article, we found that all three of the attacks used by Ramen are stopped by FormatGuard http://immunix.org/formatguard.html * WU-FTPD format bug http://www.securityfocus.com/vdb/bottom.html?vid=1387 * rpc.statd format bug http://www.securityfocus.com/vdb/bottom.html?vid=1480 * LPRng format bug http://www.securityfocus.com/vdb/bottom.html?vid=1712 Therefore, Immunix System 7 is invulnerable to Ramen. Crispin -- Crispin Cowan, Ph.D. Chief Research Scientist, WireX Communications, Inc. http://wirex.com Free Hardened Linux Distribution: http://immunix.org