Michael Stauber has posted a temporary hotfix for the Slapper worm on Sun's supportforum:
"As root and from within SSH (or Telnet, which you should have disabled as a security precaution) issue the following command:
chmod 700 /usr/bin/gcc
It will remove most of the executable bits from the GCC compiler so that the compiler is only available to user root, but not to ordinary users or the httpd process. The more drastic approach would be to deny the compiler to all users including root:
chmod 600 /usr/bin/gcc
As said: The worm can still exploit the Apache hole to get in, but it then won't be able to compile the exploit code on the RaQ."
Read more
"As root and from within SSH (or Telnet, which you should have disabled as a security precaution) issue the following command:
chmod 700 /usr/bin/gcc
It will remove most of the executable bits from the GCC compiler so that the compiler is only available to user root, but not to ordinary users or the httpd process. The more drastic approach would be to deny the compiler to all users including root:
chmod 600 /usr/bin/gcc
As said: The worm can still exploit the Apache hole to get in, but it then won't be able to compile the exploit code on the RaQ."
Read more
