jonathan@cs.keele.ac.uk (Jonathan Knight) (11/16/88)
Hi there. I installed the binary bug fix from Berkely for a few of
the suns here at Keele. On looking a little closer I discovered
that all the bug fix did was to place two zero bytes over the
debug command. A little experimentation with a Ultrix machine
using telnet to a sun revealed that if I used the command
"^@^@BUG" I could still get the debug option set. All that is
needed to invoke the debug command is a method of typing null's
to sendmail.
I haven't been following all the follow-ups to the worm so does
anyone have a better fix than the one from Berkely for binary
only sites?
--
_____ Jonathan Knight, || JANET: jonathan@uk.ac.keele.cs
/ Department of Computer Science || UUCP: ...!ukc!kl-cs!jonathan
/ _ __ University of Keele, Keele, || BITNET: jonathan%cs.kl.ac.uk@
(_/ (_) / / Staffordshire. ST5 5BG. U.K. || ---------------- cunyvm.bitnetjonathan@cs.keele.ac.uk (Jonathan Knight) (11/16/88)
In article <402@kl-cs.UUCP>, I wrote > A little experimentation with a Ultrix machine > using telnet to a sun revealed that if I used the command > "^@^@BUG" I could still get the debug option set. Actually as the debug command has been replaced with a string starting with a null, simply hitting return will set the debug option. No need for any clever way of getting nulls to sendmail. Not much of a fix really, anybody got something better? -- _____ Jonathan Knight, || JANET: jonathan@uk.ac.keele.cs / Department of Computer Science || UUCP: ...!ukc!kl-cs!jonathan / _ __ University of Keele, Keele, || BITNET: jonathan%cs.kl.ac.uk@ (_/ (_) / / Staffordshire. ST5 5BG. U.K. || ---------------- cunyvm.bitnet