Re: Ramen Linux Worm info
Thanks for this nice info.
archan
devrootp@xxxxxxxxxxx
"Diwakar - tamil.com" wrote:
>
> from ISS Alert newsletter (http://www.infowar.com)
>
> Ramen Linux Worm
>
> Affected Systems:
>
> Red Hat 6.2 for Intel not patched for wu-ftp or nfs.
> Red Hat 7.0 First Edition for Intel not patched for LPRng.
>
> Systems not known to be vulnerable:
>
> Red Hat 7.0 for Intel Second Edition (Respin).
> Previous versions of Red Hat Linux.
> Non-Intel versions of Linux.
> Non-Red Hat versions of Linux.
> Any other versions of Unix.
>
> Additional Information:
>
> Ramen does not attempt to hide its presence or clean up after itself. It
> can be detected on a system by the presence of the
> directory /usr/src/.poop or by the presence of the file /sbin/asp.
>
> To remove the Ramen Worm from your system, follow these steps:
>
> 1. Delete: /usr/src/.poop and /sbin/asp.
> 2. If it exists, remove: /etc/xinetd.d/asp
> 3. Remove all lines in /etc/rc.d/rc.sysinit which refer to any
> file in /etc/src/.poop.
> 4. Remove any lines in /etc/inetd.conf referring to /sbin/asp
> 5. Reboot the system or manually kill any processes such as synscan,
> start.sh, scan.sh, hackl.sh, or hackw.sh.
> 6. ISS recommends that ftp, rpc.statd, or lpr are not enabled until
> updates have been installed.
>
> Due to the general-purpose exploits at the core of this worm, it is
> advisable to implement the following safeguards to prevent successful
> attacks from potential variations of this exploit.
>
> Disable FTP if it is not a required service. FTP provides information that can be exploited to identify vulnerable systems, even when FTP is not vulnerable.
>
> Do not permit outside network access to RPC services, including NFS.
>
> Do not permit outside network access to LPR services.
>
> ----------------------------------------------
> Find out more about this and other Linux India
> mailing lists at http://lists.linux-india.org/
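
The detection and cleanup steps in the quoted alert can be checked with a short script. This is an added example, not part of the original post or the ISS alert; the function names and the optional root-directory argument (for checking a mounted disk image) are assumptions, and the rc.sysinit check matches any `.poop` reference.

```shell
#!/bin/sh
# Added example: look for the Ramen indicators listed in the quoted alert.
# ramen_check [ROOT] - ROOT is an assumed optional prefix (e.g. a mounted image).

# Print one line per indicator found under ROOT; return 1 if any was found.
ramen_check() {
    root="${1:-}"
    found=0
    # Directory and files the alert names as signs of infection.
    if [ -d "$root/usr/src/.poop" ]; then
        echo "FOUND dir  /usr/src/.poop"; found=1
    fi
    for f in /sbin/asp /etc/xinetd.d/asp; do
        if [ -e "$root$f" ]; then
            echo "FOUND file $f"; found=1
        fi
    done
    # Startup and inetd entries the removal steps say to delete.
    # grep -n prints the offending lines with their line numbers.
    if grep -n '\.poop' "$root/etc/rc.d/rc.sysinit" 2>/dev/null; then
        echo "FOUND .poop reference in /etc/rc.d/rc.sysinit"; found=1
    fi
    if grep -n '/sbin/asp' "$root/etc/inetd.conf" 2>/dev/null; then
        echo "FOUND /sbin/asp reference in /etc/inetd.conf"; found=1
    fi
    return "$found"
}

# Filter full command lines on stdin (e.g. from `ps -eo args=`) down to those
# running a program named in step 5 of the alert. Matching on the whole word
# avoids hits on names like restart.sh.
ramen_procs() {
    grep -E '(^|[ /])(synscan|start\.sh|scan\.sh|hackl\.sh|hackw\.sh)( |$)'
}
```

Run `ramen_check` on the live system or `ramen_check /mnt/image` on a mounted copy, and `ps -eo args= | ramen_procs` for the process list. Names such as start.sh and scan.sh are common, so treat a process match as a lead to confirm against the file indicators.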