Subject: Re: Code-red worm (snicker snicker...)
To: None <>
From: Aaron J. Grier <>
List: netbsd-users
Date: 08/02/2001 11:06:23
On Thu, Aug 02, 2001 at 10:25:55AM -0400, Steven M. Bellovin wrote:

> No -- it could have happened to any OS.

haven't similar things happened in the past to Linux/x86?  the ramen
worm, etc?

> It was a buffer overflow, and there are lots of those on Unix systems,
> too.  Should one be found in Apache, the Net might be worse off,
> because Apache has so much more market share than IIS does.  

however, apache doesn't run on just one architecture and OS, and last
time I checked, buffer overflows that run arbitrary code are still
heavily dependent on the architecture and OS underneath the application
being smashed.  A buffer overflow that targets NetBSD/i386 won't affect
other NetBSD architectures.  the method of the overflow may be common
between systems, but you've still got to "customize" the attack on a per
architecture/OS basis.  or have virus writers done "multiple payload"

I fear the day a worm shows up for NetBSD/vax.  ;)

  Aaron J. Grier | "Not your ordinary poofy goof." |