Security Alert:

William F. Acker WB2FLW +1-303-777-8123 wacker at octothorp.org
Sun Jan 28 23:15:25 EST 2001


Good to see you back online, Geoff!

     From what I read, the worm connects to the system and determines
whether the system is RH6.2 or RH7.0.  Those are the only two systems that
it's interested in.  If it's RH6.2, a buffer overflow attack is tried on
the wu-ftp daemon, if any is running.  If 7.0, it goes after LPD in a
similar way.  Last june, RedHat released a new wu-ftpd for RH6.2, and
some time in earli October, I think, RH released a new version of LPRng
for 7.0.
Both fixes address the above mentioned problem.





          HTH.
          Bill






More information about the Speakup mailing list