From owner-freebsd-security  Sun Jun 30  7:17: 5 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 432B937B400
	for <security@FreeBSD.ORG>; Sun, 30 Jun 2002 07:17:00 -0700 (PDT)
Received: from mail.seattleFenix.net (sense-sea-MegaSub-1-501.oz.net [216.39.145.247])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9D21943E13
	for <security@FreeBSD.ORG>; Sun, 30 Jun 2002 07:16:59 -0700 (PDT)
	(envelope-from roo@mail.seattleFenix.net)
Received: (from roo@localhost)
	by mail.seattleFenix.net (8.11.6/8.11.6) id g5UEI3Z24722;
	Sun, 30 Jun 2002 07:18:03 -0700 (PDT)
	(envelope-from roo)
Date: Sun, 30 Jun 2002 07:18:03 -0700
From: Benjamin Krueger <benjamin@seattleFenix.net>
To: Andy Farkas <andyf@speednet.com.au>
Cc: Kent Stewart <kstewart@owt.com>, security@FreeBSD.ORG
Subject: Re: FreeBSD.Scalper.Worm
Message-ID: <20020630071803.B23168@mail.seattleFenix.net>
References: <3D1E9CDD.6050507@owt.com> <Pine.BSF.4.33.0206302244150.42445-100000@backup.af.speednet.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.BSF.4.33.0206302244150.42445-100000@backup.af.speednet.com.au>; from andyf@speednet.com.au on Sun, Jun 30, 2002 at 10:46:37PM +1000
X-PGP-Key: http://www.macguire.net/benjamin/public_key.asc
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

* Andy Farkas (andyf@speednet.com.au) [020630 05:51]:
> On Sat, 29 Jun 2002, Kent Stewart wrote:
> 
> > One of the people sending mail to -docs, pointed me to
> >
> > http://securityresponse.symantec.com/avcenter/venc/data/freebsd.scalper.worm.html
> >
> > It looks like more exposure needs to be provided via the web site and etc.
> >
> > Kent
> >
> > --
> > Kent Stewart
> > Richland, WA
> >
> > http://users.owt.com/kstewart/index.html
> >
> 
> Looks like this worm can be stopped by having /tmp mounted noexec.

Or running a non-vulnerable version of Apache.

> --
> 
>  :{ andyf@speednet.com.au
> 
>         Andy Farkas
>     System Administrator
>    Speednet Communications
>  http://www.speednet.com.au/

-- 
Benjamin Krueger

"Life is far too important a thing ever to talk seriously about."
- Oscar Wilde (1854 - 1900)
----------------------------------------------------------------
Send mail w/ subject 'send public key' or query for (0x251A4B18)
Fingerprint = A642 F299 C1C1 C828 F186  A851 CFF0 7711 251A 4B18

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message