, SecurityFocus 2001-01-17
'Ramen' targets known security holes in Red Hat 6.2 and 7.0.An Internet worm cobbled together from pre-existing scripts is spreading rapidly through Red Hat Linux systems, leaving in its wake a trail of defaced web pages touting the virtues of oriental noodles. The so-called 'Ramen' worm is a bulky, but effective, collection of hacking tools rolled up into a package. A modified scanning program searches broad swaths of the Internet for Red Hat Linux versions 6.2 and 7.0 installations. The scanner then launches attacks against those machines with publicly available exploits of three known vulnerabilities and spreads into each crackable box. On Red Hat 6.2 systems, the worm exploits vulnerabilities in wu-ftpd and rpc.statd. On version 7.0, it attacks LPRng. Detailed information on fixing all three holes can be found in SecurityFocus's vulnerability database (see insert).