Re: Which is better?



Robert Heller wrote:
The Natural Philosopher <a@xxx>,
In a message on Tue, 21 Mar 2006 00:51:44 +0000, wrote :

TNP> Robert Heller wrote:
TNP> > The Natural Philosopher <a@xxx>,
TNP> > In a message on Mon, 20 Mar 2006 11:22:49 +0000, wrote :
TNP> >
TNP> > TNP> (PeteCresswell) wrote:
TNP> > TNP> > Per Robert Heller:
TNP> > TNP> >> You don't need virus scanning if *all* the machines on the LAN are
TNP> > TNP> >> running Linux.
TNP> > TNP> >
TNP> > TNP> > Is that because of some inherent resistance in Linux or because people who write
TNP> > TNP> > viruses haven't turned their attention to Linux yet?
TNP> > TNP>
TNP> > TNP> The latter mainly.
TNP> > TNP>
TNP> > TNP> The first internet worm was written to attack a particular version of
TNP> > TNP> Sendmail running on VMS.
TNP> >
TNP> > The Morris Worm attacked Sendmail and finger on *SunOS*, not VMS! VMS
TNP> > was never affected AFAIK. And those versions of Sendmail and finger are
TNP> > long long gone.
TNP> >
TNP>
TNP> I think not. Check again.
TNP>
TNP> It may have been Unix, but it was definitely a DEC machine, not a Sun,
TNP> that caught it first....

Might have been Ultrix or VAXBSD -- some *commercial* BSD flavored UNIX
(SunOS < 5 is BSD based). Wasn't VMS -- the Morris Worm attacked a bug
in sendmail and finger, both of which are UNIX programs and were not
used under VMS (at least not then).

My understanding of it was that there was a compilation flag that opened a
back door into sendmail to permit testing. Prior to distributing sendmail to
the general public, that flag should have been switched off and sendmail
recompiled, and someone forgot to do that, so the back door was left open.
That allowed the other opportunities to be exploited. If you want more, you
might look here:

http://world.std.com/~franl/worm.html



--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key: 9A2FC99A Registered Machine 241939.
/( )\ Shrewsbury, New Jersey http://counter.li.org
^^-^^ 07:20:01 up 5 days, 8:31, 3 users, load average: 4.25, 4.30, 4.22