Re: [Sheflug] No ramen here, thanks...



* Barrie Bremner (TheEnglishman [at] ecosse.net) wrote:
> Richard Lowe writes:
>  > * PaulSims062527@aol.com (PaulSims062527 [at] aol.com) wrote:
>  > > 
>  > > Whoever is sending the Ramen stuff.... my email scanner objects to whatever 
>  > > is in there and helpfully bins it. If you have something to say about Ramen a 
>  > > silly html page won't do it. 
>  > > 
>  > > Has this list been hacked?
>  > 
>  > uhm.
>  > 
>  > Ramen isn't an Email worm, it exploits the bugs in wu-ftpd and rpc-statd
>  > (and maybe lprNG or something, I forget).
> 
> It attacks wu-ftpd and one of nfs-utils programs from RH6.2 (enabled
> by default) and LPRng from RH7.0 (again, enabled by default).
> 
> The patches for all of these have been kicking around for months.
> 
> Why, oh why aren't all distros set up with nothing (well, only
> OpenSSH) enabled as standard practice?
> I don't think any of the major distros have bothered with this..

I've been wondering that for a while.  When I (or anyone I know) install
a system, the first thing to do is uninstall stuff and disable
services.  The only real reason to run portmap is NFS (or fam), and on
systems primarily aimed at desktop use (like RedHat (and I know I'll get
flamed for this)), it's very rarely needed, and if it is, the chances are
that the user could install it themselves with no trouble. The other
thing I've never really understood is why distributions don't provide
better default configs. If a user, during installation, chooses to
install ftpd, or whatever, having a sensible configuration in the
package (and *forcing* them to change any default passwd), although
maybe taking up a bit more time in the install, is far better in the
long run.

There are also some things I'd like distributions to do that are slightly
less feasible (a basic firewall setup, blocking access to privileged
ports from an external interface for instance) that could cause things
to not work if it isn't customised.

I'm currently using Debian, but the times I ran RedHat I normally
ended up replacing the services I ran with better / more secure
alternatives anyway (exim instead of sendmail, pdq instead of lpd, and
I think I tried djbdns instead of BIND).


> 
> Hell - even OpenBSD runs portmap as standard (although their version
> hasn't been exploited for at least 3 years).


Something that bothers me now is this.

Because of the way it was reported (in the small section of the IT
press that did report it), it sounds like this can only affect RedHat
systems (and maybe the worm can only affect these systems, I'm not sure).
But the security issues apply to any distribution / platform running
those versions of portmap / wu-ftpd / etc, and I imagine there are people
thinking they're OK because they aren't using an RH system, even tho
they're running affected versions of the software. (I guess I'll get
flamed for this too).

I appear to be in quite an inflammatory mood today, don't know why...
I should be back to my normal lurking self by tomorrow :-)

--
|*-------------------=[ Richard Lowe ]=------------------*|
| richlowe [at] btinternet.com                   UIN: 74724348 |           
|*-------------------------------------------------------*|
| Europe has the Kilogram and the Meter.                  |
| America has the Pound and the Inch.                     |
| Childrens TV has the Elephant and the Double Decker Bus |
|*-------------------------------------------------------*|
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.
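
An added example, not part of the original thread: a small audit of listening sockets against the "nothing enabled except OpenSSH" baseline discussed above, flagging privileged ports reachable from a non-loopback address. It assumes the column layout of `ss -H -tuln`; the `ALLOWED` set, the function names and the sample lines are constructed for illustration.

```python
import ipaddress
import sys

# Assumption: the baseline from the thread, only OpenSSH reachable from outside.
ALLOWED = {("tcp", 22)}
PRIVILEGED_MAX = 1023

# Constructed sample in the layout of `ss -H -tuln` (not captured from a real host).
SAMPLE = """\
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      64           0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      32           0.0.0.0:21         0.0.0.0:*
tcp   LISTEN 0      5          127.0.0.1:515        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
tcp   LISTEN 0      100        127.0.0.1:25         0.0.0.0:*
tcp   LISTEN 0      128                *:8080             *:*
"""

def parse_listener(line):
    """Return (proto, host, port) for one ss line, or None if it does not parse."""
    fields = line.split()
    if len(fields) < 5:
        return None
    host, _, port = fields[4].rpartition(":")
    if not port.isdigit():
        return None
    # Drop IPv6 brackets and any %interface scope suffix.
    host = host.strip("[]").split("%")[0]
    return fields[0], host, int(port)

def is_external(host):
    """True unless the socket is bound to a loopback address."""
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return True  # wildcard "*" or anything unparseable: treat as exposed

def audit(lines, allowed=ALLOWED):
    """List (proto, port, host) for exposed privileged listeners outside the baseline."""
    findings = set()
    for line in lines:
        parsed = parse_listener(line)
        if parsed is None:
            continue
        proto, host, port = parsed
        if port <= PRIVILEGED_MAX and is_external(host) and (proto, port) not in allowed:
            findings.add((proto, port, host))
    return sorted(findings)

if __name__ == "__main__":
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for proto, port, host in audit(source):
        print(f"exposed: {proto}/{port} on {host}")
```

To check a live host, pipe the real output in: `ss -H -tuln | python3 audit.py`.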