On Tue 1999-03-30 (06:34), Russ Allbery wrote:
> Furthermore, remember that this particular virus only has to send mail.
> It doesn't have to modify system files.  It only has to modify your
> personal document files.  It would therefore work just fine on a Unix
> system given a suitable Unix application.  It is *not* Microsoft-specific
> in concept; it is only Microsoft-specific in implementation.  Were some
> other operating system run by 90% of the computer users in the world,
> you'd see these sorts of things written for that operating system.
> 
> Don't fool yourself that it can't happen to you simply by virtue of
> running a different operating system.  The only way it can't happen to you
> is if you always *think* before running random programs on stuff you get
> via untrusted channels.

I agree with Russ. I'm no Microsoft fan, but such problems are not
Windoze-specific. They just have the potential to cause more damage on
Windoze.

Here's an example of a "similar" incident that affected some unix mail
clients (mutt in particular) as well as Windoze ones.

  http://www.cert.org/advisories/CA-98.10.mime_buffer_overflows.html

  CERT Advisory CA-98.10

  Buffer Overflow in MIME-aware Mail and News Clients

  Description

  A vulnerability in some MIME-aware mail and news clients could allow an
  intruder to execute arbitrary code, crash the system, or gain
  administrative rights on vulnerable systems. The vulnerability has been
  discovered by Marko Laakso and Ari Takanen of the Secure Programming Group
  of the University of Oulu. It has received considerable public attention in
  the media and through reports published by Microsoft, Netscape, AUSCERT,
  CIAC, NTBugTraq, and others. 

  The vulnerability affects a number of mail and news clients in addition to
  the ones which have been the subjects of those reports. 

  II. Impact

  An intruder who sends a carefully crafted mail message to a vulnerable
  system can, under some circumstances, cause code of the intruder's choosing
  to be executed on the vulnerable system. Additionally, an intruder can
  cause a vulnerable mail program to crash unexpectedly.  Depending on the
  operating system on which the mail client is running and the privileges of
  the user running the vulnerable mail client, the intruder may be able to
  crash the entire system. If a privileged user reads mail with a vulnerable
  mail user agent, an intruder can gain administrative access to the system.

As Russ said, it is a mindset problem. I doubt many people here would have
been hurt by this bug if they used mutt as a MUA, because they probably don't
read mail as root (since they're running qmail :) and they are careful about
what they execute.

Sure, Microsoft is part of the problem, but they are by no means alone. As
long as the people who write software don't take security seriously enough,
such things will continue to happen. And, with more Windoze and Mac software
being ported to Unix-like systems like Linux and FreeBSD, I reckon we're
going to be seeing more incidents on these systems. The impact probably
won't be as great as on Windoze 95/98/2000, but then it's not as great on
Windoze NT either.

> -- Russ Allbery ([EMAIL PROTECTED]) <URL:http://www.eyrie.org/~eagle/>

  - Keith
-- 
Keith Burdis - MSc (Com Sci) - Rhodes University, South Africa  
Email   : [EMAIL PROTECTED]
WWW     : http://www.rucus.ru.ac.za/~keith/
IRC     : Panthras                                          JAPH

"Any technology sufficiently advanced is indistinguishable from a perl script"

Standard disclaimer.