From owner-freebsd-security Tue Jul 2 9:26:39 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CD00037B400 for ; Tue, 2 Jul 2002 09:26:35 -0700 (PDT) Received: from search.sparks.net (d-207-5-180-136.gwi.net [207.5.180.136]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6C68043E0A for ; Tue, 2 Jul 2002 09:26:35 -0700 (PDT) (envelope-from dmiller@sparks.net) Received: by search.sparks.net (Postfix, from userid 100) id 1D86FD984; Tue, 2 Jul 2002 12:26:17 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by search.sparks.net (Postfix) with ESMTP id 104F7D982; Tue, 2 Jul 2002 12:26:17 -0400 (EDT) Date: Tue, 2 Jul 2002 12:26:16 -0400 (EDT) From: David Miller To: Andy Farkas Cc: Kent Stewart , security@FreeBSD.ORG Subject: Re: FreeBSD.Scalper.Worm In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sun, 30 Jun 2002, Andy Farkas wrote: > On Sat, 29 Jun 2002, Kent Stewart wrote: > > > One of the people sending mail to -docs, pointed me to > > > > http://securityresponse.symantec.com/avcenter/venc/data/freebsd.scalper.worm.html > > > > It looks like more exposure needs to be provided via the web site and etc. > > > > Kent > > > > -- > > Kent Stewart > > Richland, WA > > > > http://users.owt.com/kstewart/index.html > > > > Looks like this worm can be stopped by having /tmp mounted noexec. Probably not a very good solution since it could be overcome with a trivial change to the worm. The better fix is to plug the hole:) --- David To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message