[lug] Security notice and Ramen

Scott A. Herod herod at interact-tv.com
Tue Jan 23 16:02:33 MST 2001


Not Ramen itself but I have had to deal with an attack from the
same root kit.  ( New rule, if you put up a machine outside 
the firewall, and don't follow the network rules, some friends with
tin snips will come visit you and emacs is going to be hard for you to
use again. )

I'm only familiar with the 6.2 exploit and there, as the advisory
probably mentioned, a patched version of statd has been available
at least since Nov.

As for other holes, I'm sure new ones will be found.  For example,
how old is the lpd attack used against RH 7.0?  ( Of course, I've
not written enough C/C++ networking code to understand why it's so
hard to close buffer overflow attacks. )

Scott

John Starkey wrote:
> 
> Has anyone had to deal with the ramen toolkit? I was just made aware that
> some machines on the same network as mine have been compromised. I'm not
> running any of the specified services and it looks like I'm clear but CERT
> just issued the Incident Note last week. So I'm wondering if there are any
> other holes that could be used?
> 
> Funny, they're using /usr/src/.poop as the root dir. Such jokers :}
> 
> TIA,
> 
> John



