linux user group brescia

Mailing list archive

security

Rossi Giuseppe giuseppe.rossi at tfl.com
Tue 23 Jan 2001 14:26:58 UTC
I am not a Linux specialist, but while browsing sites that cover that
OS I found this article:

"First Successful Linux Virus Reported  
 
By Mobile Computing 
 
MOSCOW, January 22, 2001, 9:25 a.m. EST - Kaspersky Lab, the Russian
anti-virus specialist, has warned about a new Internet worm that attacks
Linux-based computers. 
"The worm, which executes under Red Hat Linux, is called Ramen, and
represents a surprise for what had been considered to be one of the most
protected platforms available today. 

Kaspersky said that Ramen, which affects Red Hat Linux 6.2- or 7.0-based
systems, exploits three security breaches named "in.ftpd", "rpc.statd" and
"LPRng", which were previously detected and closed, between June and
September 2000. 

All of these breaches, the firm said, are from the "buffer overflow"
category and allow a malicious person to send a remote system an executable
code and run it without the user's permission. 

The Moscow-based company said that the way the worm works is rather
sophisticated. 

Firstly, a target computer receives data that overflows the system's
internal buffer, so a worm code gains the root privileges and starts the
command processor that executes the worm's instructions. 

At this stage, Ramen creates the "/usr/src/.poop" folder, launches the Lynx
Internet browser and downloads the worm's archive "RAMEN.TGZ" from a remote
computer. 

After this, Ramen opens the archive and executes its main file "START.SH".
The worm has no additional payload except for changing the content of
"INDEX.HTML" files found on the system. 

When the affected HTML-files are run they display a message of "RameN Crew -
Hackers loooooo00000000000ve noodles." 

Denis Zenkin, Kaspersky's head of corporate communications, said that it's
important to emphasize that the breaches exploited by Ramen are also found
on other Linux variants, including Caldera OpenLinux, Connectiva Linux,
Debian Linux, HP-UX and Slackware Linux. 

"This particular worm is triggered to activate only on systems running Red
Hat Linux," he said, adding that other Linux variants could be affected by
future versions of the worm. 

"We therefore recommend users to immediately install patches for these
breaches regardless of the Linux distribute they use," he said, adding that
no reports of the virus "in the wild." 

Kaspersky is at www.kaspersky.com"

Maybe it has something to do with your problem, or maybe I am just talking
nonsense. If so, I beg your pardon.
Bye, GR
 

-----Original Message-----
From: Donzella Antonietta [mailto:donzella at fidabs.ing.unibs.it]
Sent: Tuesday, January 23, 2001 9:02 AM
To: lug at lugbs.linux.it
Subject: Re: security



Thanks, everyone, I'll think it over
                               AD
-- 
Antonietta Donzella
Universita' degli Studi di Brescia
Dipartimento di Chimica e Fisica per l'Ingegneria  e per i Materiali
Facolta' di Ingegneria
Via Valotti 9 - 25133 Brescia Italy
Tel: +39-030-3715703
Fax: +39-030-2091271



