Re: MSBLAST virus portable to Linux?

From: Robert Heller (heller_at_deepsoft.com)
Date: 08/14/03


Date: Wed, 13 Aug 2003 22:51:05 +0000


  "Mats" <spamenot.mog.pettersson@telia.com>,
  In a message on Wed, 13 Aug 2003 18:42:10 GMT, wrote :

"> Since the MSBLAST virus uses an exploit in Windows RPC which is derived from
"> the OSF protocol (Open Software Foundation), is there any risk of getting a
"> virus ported to Linux/*NIX systems or is the exploit only available in
"> the MS Windows binary? I mean, they might have *borrowed* some OSF code?
">
"> I quote Microsoft below:
">
"> ----8<---
"> Remote Procedure Call (RPC) is a protocol used by the Windows
"> operating system. RPC provides an inter-process communication
"> mechanism that allows a program running on one computer to
"> seamlessly execute code on a remote system. The protocol itself
"> is derived from the OSF (Open Software Foundation) RPC protocol,
"> but with the addition of some Microsoft specific extensions.
">
"> There is a vulnerability in the part of RPC that deals with
"> message exchange over TCP/IP. The failure results because of
"> incorrect handling of malformed messages. This particular
"> vulnerability affects a Distributed Component Object Model (DCOM)
"> interface with RPC, which listens on TCP/IP port 135. This
"> interface handles DCOM object activation requests sent by client
"> machines (such as Universal Naming Convention (UNC) paths) to the
"> server.
"> ---8<---

Reading this closely, it is not a problem with RPC itself, but with an
MS-Windows-specific software entity: DCOM, which is NOT an OSF.


                                     \/
Robert Heller ||InterNet: heller@cs.umass.edu
http://vis-www.cs.umass.edu/~heller || heller@deepsoft.com
http://www.deepsoft.com /\FidoNet: 1:321/153

                                                                         


