Subject: Re: Code-red worm (snicker snicker...)
To: None <>
From: Myrddin Emrys <>
List: netbsd-users
Date: 08/06/2001 00:18:06
> > It was a buffer overflow, and there are lots of those on Unix systems,
> > too.  Should one be found in Apache, the Net might be worse off,
> > because Apache has so much more market share than IIS does.
> however, apache doesn't run on just one architecture and OS, and last
> time I checked, buffer overflows that run arbitrary code are still
> heavily dependent on the architecture and OS underneath the application
> being smashed.  A buffer overflow that targets NetBSD/i386 won't affect
> other NetBSD architectures.  the method of the overflow may be common
> between systems, but you've still got to "customize" the attack on a per
> architecture/OS basis.  or have virus writers done "multiple payload"
> attacks?

Windows NT does not run on just one architecture, believe it or not. At my
current business, we run our more security-necessary windows processes on
Alpha boxes. Windows isn't nearly as diverse as NetBSD of course, but you
can't argue that most installations *are* on i386 architectures.