Linux Today: Linux News On Internet Time.

LinuxPlanet: Ramen and the Danger of Default Linux Configurations

Jan 18, 2001, 19:16 (12 Talkback[s])
(Other stories by Kevin Reichard)

"Basically, the Ramen worm looks for RPC.statd and wu-FTP vulnerabilities in Red Hat 6.2 and 7.0 -- vulnerabilities that are well-known in the Linux security community. After gaining access to the system, Ramen fixes the hole, replaces some basic system files, and puts up a new index page that says "RameN Crew--Hackers looooooooooooove noodles." It then notifies a Web-based email account of the successful intrusion."

"Not that this worm is really dangerous. Sure, the security companies and the consultants have lept upon this worm as something really dangerous, but they're just trying to drum up a little business. (The more authoratative and unbiased CERT, the Computer Emergency Response Team at Carnegie-Mellon, hasn't even bothered to send out an advisory.) I spend a fair amount of time surfing the Web, and I haven't seen a single instance of this worm in action. Similarly, the talkbacks on Linux Today haven't yielded a single instance of anyone claiming to be hit by this worm. So I really question how widespread this worm really is."

"Not that it matters. In many ways, this worm will probably end up being good news for Linux system administrators. For those who didn't know about the many security holes present in a default Linux distribution, it will cause them to address them upon installation and configuration of a new system. Yes, these holes exist, and the next time around the worm may do some actual damage instead of just overwriting the index page. Security should always be paramount when setting up a Linux server or desktop, and this limited worm should be proof enough that closing down security holes and setting up firewalls should be mandatory for any computer user, not just Linux users."

Complete Story

Related Stories: