Im sure many will say that this message is not relevant to vpopmail mailing list, but someone may find it useful :) : --------------------------- : Description: : : Unix/Sadmind is an internet worm which propagates using a buffer : overrun exploit on Solaris systems in the sadmind program, part : of the Solstice AdminSuite. : : When the worm attacks a system it will append the text "+ +" to : the .rhosts file belonging to root. It will then copy the worm : (using rcp) to the new machine and extract into a new /dev/cuc : directory. /etc/rc.d/S71rpc will be changed so the worm is : started when the system is started and then that file will be : run to make the worm active immediately. : : When the worm is active it will scan random class B networks : looking for vulnerable machines to infect next. In parallel it : will scan for Microsoft IIS web servers and will attempt to : deface the front page with a message in red text on a black : background stating 'f**k USA Government, f**k PoizonBOx'. : : After the worm has infected 2000 other computers all index.html : files on the infected machine will be changed to display the : offensive message. : : Patches from Microsoft and Sun Microsystems are available to : patch the vulnerabilities: : : http://www.microsoft.com/technet/security/bulletin/MS00-078.asp : http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/191&typ e=0&+nav=sec.sba : ---------------------------
