Subject: Re: Code-red worm (snicker snicker...)
To: None <firstname.lastname@example.org>
From: Aaron J. Grier <email@example.com>
Date: 08/02/2001 11:06:23
On Thu, Aug 02, 2001 at 10:25:55AM -0400, Steven M. Bellovin wrote:
> No -- it could have happened to any OS.
haven't similar things happened in the past to Linux/x86? the ramen
> It was a buffer overflow, and there are lots of those on Unix systems,
> too. Should one be found in Apache, the Net might be worse off,
> because Apache has so much more market share than IIS does.
however, apache doesn't run on just one architecture and OS, and last
time I checked, buffer overflows that run arbitrary code are still
heavily dependent on the architecture and OS underneath the application
being smashed. A buffer overflow that targets NetBSD/i386 won't affect
other NetBSD architectures. the method of the overflow may be common
between systems, but you've still got to "customize" the attack on a per
architecture/OS basis. or have virus writers done "multiple payload"
I fear the day a worm shows up for NetBSD/vax. ;)
Aaron J. Grier | "Not your ordinary poofy goof." | firstname.lastname@example.org