
RE: [cobalt-security] Ramen Worm



Alex Collins asked:

> Are any of the Cobalt products affected by this Virus/worm ?

The worm exploits holes in rpc.statd and WU_ftpd, right?

# telnet raq4.ip.address 21
Trying raq4.ip.address...
Connected to raq4.ip.address.
Escape character is '^]'.
220 ProFTPD 1.2.0pre9 Server (ProFTPD) [raq4.ip.address]

So no problem there then... and as RaQs don't run RPC services (at
least, not now anyway) then they're not running rpc.statd. And if your
RaQ is, you should switch it off anyway as it's not required for use as
a normal web/mail/ftp server.

[Note: ProFTPD is not without holes... so it's probably only a matter of
time before someone rewrites the worm to exploit that, or other
widely-known system exploits. Bottom line is: keep your system
up-to-date, although this is Cobalt we're talking about!]

Regards

Graeme
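
The two checks described in the message above (which FTP daemon greets on port 21, and whether rpc.statd is registered), as an added example that is not part of the original post. The function names are hypothetical, the wu-ftpd greeting and the `rpcinfo -p` listing are constructed samples, and 100024 is the standard RPC program number for the status service (rpc.statd).

```shell
#!/bin/sh
# Classify an FTP greeting line (the "220 ..." banner) by daemon name.
# Prints wu-ftpd, proftpd or other. A banner can be edited by the admin,
# so the result is a hint about the software, not proof of it.
ftp_daemon_from_banner() {
    case "$1" in
        220*[Ww][Uu]-[Ff][Tt][Pp][Dd]*|220*"Version wu-"*) echo wu-ftpd ;;
        220*[Pp][Rr][Oo][Ff][Tt][Pp][Dd]*) echo proftpd ;;
        *) echo other ;;
    esac
}

# Read `rpcinfo -p` output on stdin; succeed if RPC program 100024
# (status, i.e. rpc.statd) is registered with the portmapper.
statd_registered() {
    awk '$1 == "100024" { found = 1 } END { exit !found }'
}

# Combine both checks: $1 = greeting line, $2 = rpcinfo -p output.
audit_host() {
    daemon=$(ftp_daemon_from_banner "$1")
    if printf '%s\n' "$2" | statd_registered; then
        statd=yes
    else
        statd=no
    fi
    echo "ftp=$daemon statd=$statd"
}

# Greeting taken from the message; the rpcinfo listing is constructed.
SAMPLE_BANNER='220 ProFTPD 1.2.0pre9 Server (ProFTPD) [raq4.ip.address]'
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100024    1   udp  32768  status'

audit_host "$SAMPLE_BANNER" "$SAMPLE_RPCINFO"
```

On a live host, feed `audit_host` the first line received from port 21 and the output of `rpcinfo -p` run against that host.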