Rick Smith writes:
> Of course, RTM didn't use a C compiler to exploit the old fingerd
> buffer overrun vulnerability, just the fact that fingerd was running
> as root on most systems.
Ahem ... RTM did use a C compiler (to compile the grappling hook that
pulled over the rest of the worm) and it didn't require root (since the
worm made no efforts to exploit the fact that it was privileged and if
fingerd had been running as another user the worm would still have worked).
That said, I agree that if your firewall platform is a typical "Almost
C2" Unix then there is no point in stripping it down - if the bad guys
can get a login or just execute a shell script then you are toast.

Neil.
uk Phone: +1 908 855 1221 x519
Anything is a cause for sorrow that my mind or body has made