THE VIRUS and the finger daemon (READ THIS!!!!)
Liudvikas Bukys
bukys at cs.rochester.edu
Fri Nov 4 10:21:24 AEST 1988
ANOTHER ASPECT OF TODAY'S VIRUS:
It attacks the finger daemon, which uses gets() to input a string.
The virus sends an overlong string, which overflows the 512-byte
buffer, and steps on the stack in just the right way to invoke a
shell. I think it only does this (successfully) to Vaxen.
If you have source, recode the gets() to an fgets(). If you don't
have source, turn off the finger daemon in /etc/inetd.conf or /etc/servers!
Liudvikas Bukys
<bukys at cs.rochester.edu>
P.S. The virus also seems to poke around with telnet, but I don't know
of any holes in the telnet daemon. Maybe it only does that after it has
figured out a password for an account.
More information about the Comp.bugs.4bsd.ucb-fixes
mailing list