NetMAXFAQ: Is my NetMAX vulnerable to the Ramen Worm?

Security Updates :
Is my NetMAX vulnerable to the Ramen Worm?

Applies to: All linux NetMAX products version 2.0 - 3.1
address-suppressed

[01/30/2001] Almost any Linux OS would be susceptible to attack by the Ramen Worm when run by a system user. However, the Ramen Worm's default method of gaining entry as a system user is through a site_exec exploit in WU-FTPD. Although the L22Pv3.1 version of NetMAX includes a version of WU-FTPD that has been patched to protect itself against this exploit, we recommend upgrading to L22Pv31p1, as it replaces WU-FTPD with the more secure ProFTPD. If you are unable to upgrade to L22Pv3.1 or later, we recommend disabling anonymous FTP (available in our Web Server products).

The Ramen Worm's other methods of entry, through rpc.statd and LPRng do not effect the NetMAX system, as these are not included with the NetMAX distribution. If you have installed these applications manually, you may be susceptible.

The Ramen Worm, although quite popular in the media, is rated as low risk. Its main attack is changing all of your index.html files to contain an annoying message by the worm's author. This makes the attack only effective against our Web Server products.

We always recommend performing regular backups, and examining your log files on a regular basis.
address-suppressed

Previous:	If I don't have a firewall, how should I lockdown my NetMAX?
Next:	TSIG Buffer overflows allow DNS compromise.

This document is: http://www.netmax.org/cgi-bin/fom.cgi?file=402

	[Search]	[Appearance]
This is a Faq-O-Matic 2.721.

This FAQ administered by ...Cybernet Systems Corp.