----- Forwarded message from Mohammad DAMT <[EMAIL PROTECTED]> ----- Delivered-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Date: Thu, 18 Jan 2001 14:31:17 +0700 From: Mohammad DAMT <[EMAIL PROTECTED]> To: [EMAIL PROTECTED], [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: berita bener ? User-Agent: Mutt/1.2.5i Fcc: /home/mdamt/mail/sent-mail X-ID: http://djenggotsempong.com ini ada, tapi konfirmasinya tanya siapa ya? ... contoh site yg kena: http://fmipa.ipb.ac.id/~panji (tapi mungkin saat ini sudah dibenerin) tapi saya coba telnet ke port 27374 fmipa.ipb.ac.id masih bisa RED HAT LINUX RAMEN WORM FOUND IN THE WILD Today a worm found its way into Internet webservers running Red Hat Linux versions 6.2 or 7.0. The worm installs root kits and modifies the website's index.html files (homepages) with the imaginative slogan "RameN Crew-Hackers looooooooooooove noodles." Called the Ramen worm, the crack is cobbled together using software tools that are publicly available on the net. Network administrators who have installed Red Hat's security updates won't be affected by the Ramen worm. The patches have been posted on Red Hat's sites since October. The worm targets Red Hat 6.2 systems running an exploitable RPC.statd service or a vulnerable wu-FTP, and Red Hat 7.0 systems running a vulnerable LPRng. The worm does not appear to do any significant damage. It spreads by using synscan to scan the Internet for servers and then uses two common exploits to gain access. Once in, it establishes a minimal HTTP/0.9 server on port 27374 -- a common Windows Trojan port-to transmit copies of itself. Interestingly, it then closes the security hole through which it entered the system. -- ----- End forwarded message ----- -- mohammad damt [EMAIL PROTECTED] -------------------------------------------------------------------------- Utk berhenti langganan, kirim email ke [EMAIL PROTECTED] Informasi arsip di http://www.linux.or.id/milis.php3 Pengelola dapat dihubungi lewat [EMAIL PROTECTED]
