Sun Cobalt RaQ and Slapper
Posted on: 09/15/2002 10:33 AM

Michael Stauber has posted a temporary hotfix for the Slapper worm on Sun's support forum:

"As root and from within SSH (or Telnet, which you should have disabled as a security precaution) issue the following command:

    chmod 700 /usr/bin/gcc

It will remove most of the executable bits from the GCC compiler so that the compiler is only available to user root, but not to ordinary users or the httpd process. The more drastic approach would be to deny the compiler to all users including root:

    chmod 600 /usr/bin/gcc

As said: The worm can still exploit the Apache hole to get in, but it then won't be able to compile the exploit code on the RaQ."
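
A way to confirm which of the two states described in the quoted hotfix a compiler binary is in, as an added example that is not part of the original post. The helper names mode_of and compiler_exposure are assumptions made for this example, and the check reports on the file's owner without verifying that the owner is root.

```shell
#!/bin/sh
# Added example: classify the permission state of a compiler binary
# after applying (or not applying) the chmod from the quoted hotfix.
# mode_of and compiler_exposure are hypothetical helper names.

# Print the octal permission bits of a file, following symlinks
# (chmod follows them too). Tries GNU stat first, then BSD stat.
mode_of() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1"
}

# Print one of:
#   missing     no such file
#   exposed     group or other has an execute bit, so a non-owner
#               account such as the httpd user can run it
#   owner-only  only the owner can execute (the chmod 700 state)
#   disabled    nobody has an execute bit (the chmod 600 state)
compiler_exposure() {
    path=$1
    [ -e "$path" ] || { echo missing; return; }
    mode=$(mode_of "$path")
    # A leading 0 makes the shell read the mode as an octal number.
    bits=$((0$mode))
    if [ $((bits & 011)) -ne 0 ]; then
        echo exposed
    elif [ $((bits & 0100)) -ne 0 ]; then
        echo owner-only
    else
        echo disabled
    fi
}

# Report on every path given on the command line,
# for example: sh check.sh /usr/bin/gcc
for p in "$@"; do
    printf '%s: %s\n' "$p" "$(compiler_exposure "$p")"
done
```
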




Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/sun_cobalt_raq_and_slapper.html)