![[LWN Logo]](/images/lcorner.png) |
|
![[Timeline]](/images/Included.png) |
Date: Wed, 17 Jan 2001 17:24:02 -0800
From: Crispin Cowan <crispin@WIREX.COM>
Subject: Ramen vs. Immunix
To: BUGTRAQ@SECURITYFOCUS.COM
ZDnet http://www.zdnet.com/zdnn/stories/news/0,4586,2675147,00.html and
MSNBC http://www.msnbc.com/news/517622.asp?0cm=c20 have been reporting a
new Linux worm today, highly similar to the Morris worm. Curiously,
Bugtraq has been silent on this issue, but securityfocus.com now has a
good technical article up http://www.securityfocus.com/news/139
Upon reading the Securityfocus article, we found that all three of the
attacks used by Ramen are stopped by FormatGuard
http://immunix.org/formatguard.html
* WU-FTPD format bug
http://www.securityfocus.com/vdb/bottom.html?vid=1387
* rpc.statd format bug
http://www.securityfocus.com/vdb/bottom.html?vid=1480
* LPRng format bug
http://www.securityfocus.com/vdb/bottom.html?vid=1712
Therefore, Immunix System 7 is invulnerable to Ramen.
Crispin
--
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution: http://immunix.org