Xref: utzoo comp.protocols.tcp-ip:5196 comp.unix.wizards:12184
Path: utzoo!utgpu!attcan!uunet!husc6!mailrus!cwjcc!cwsys3!ferencz
From: ferencz@cwsys3..CWRU.Edu (Don Ferencz)
Newsgroups: comp.protocols.tcp-ip,comp.unix.wizards
Subject: Re: a holiday gift from Robert "wormer" Morris
Message-ID: <250@cwjcc.CWRU.Edu>
Date: 7 Nov 88 15:55:05 GMT
References: <1698@cadre.dsl.PITTSBURGH.EDU> <2060@spdcc.COM> <24@jove.dec.com>
Sender: news@cwjcc.CWRU.Edu
Reply-To: ferencz@cwsys3.cwru.EDU (Don Ferencz)
Distribution: na
Organization: CWRU Dept of Systems Engineering
Lines: 25

In article <24@jove.dec.com> vixie@decwrl.dec.com (Paul Vixie) writes:
>
>I've known about it for a long time.  I thought it was common knowledge
>and that the Internet was just a darned polite place.  (I think it _was_
>common knowledge among the people who like to diddle the sendmail source.)
>
>The bug in fingerd was a big surprise, though.  Overwriting a stack frame
>on a remote machine with executable code is One Very Neat Trick.

I wasn't aware of these tricks, but I find them interesting now, knowing
what security hazards they pose.  Is there some place interested
[sick, twisted] individuals like me could get more information on
Morris' handiwork?  It would be a benefit from a security aspect.  I also
realize that presenting such information could be considered another
risk, perhaps "inviting" someone else to subject us to the same
peril (although most of the net is now "immunized" against this
particular virus).


===========================================================================
| Don Ferencz                       |  "And in the end/                   |
| ferencz@cwsys3.cwru.EDU           |   The love you take/                |
| Department of Systems Engineering |   Is equal to the love you make."   |
| Case Western Reserve University   |       -- The Beatles                |
===========================================================================