The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #356 [Update to Worm Tech Report] (1 message, 1423 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/356.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: spaf (Gene Spafford)
To: phage
Date: Sat 18:04:12 10/12/1988 EST
Subject: Update to Worm Tech Report
References: [Thread Prev: 357] [Thread Next: 359] [Message Prev: 357] [Message Next: 359]

General Information
-------------------
My technical report, "The Internet Worm Program: An Analysis", Purdue
Technical Report CSD-TR-823, has been revised.  The revisions were
mostly small grammatical corrections, but also included fixes for a few
minor errors and omissions and to clarify a few points.

The revised report has the words "revised December 8, 1988" at the
bottom of the title page.  None of the paper copies of the report
mailed prior to December 14 had the corrections in place.  The FTP
versions of the report on arthur.cs.purdue.edu  were updated on
December 10.  The copies on uunet and osu-cis were also updated Dec. 10.

The two versions are very similar and unless you are keeping an
archival copy of the report for some reason, you should not need to get
an updated version.  A full copy of the revised version will appear in
the January issue of "Computer Communication Review," published by ACM
SIGCOM (v.19 #1), so copies may also be made from that source.

I welcome your continued comments and suggestions.
--gene spafford
10 December 1988


Changes of note
---------------
Page 1, 3rd paragraph.
s/By late Thursday night/By late Wednesday night/

Page 2, 2nd paragraph.
s/As of November 27, I am aware of at least five versions/
	/As of December 8, I am aware of at least eleven versions/

Page 5, 1st paragraph of 3.1.2.
The reference to SMTP should be Postel 1982, RFC 821, instead of RFC 822 by
Crocker.  Another classic off-by-one error :-)

Page 5, section 3.1.2.
The new version of sendmail will be version 5.61.  It is scheduled to be
available after December 12.  *Any* version prior to 5.59, even if patched
with the fixes in Appendix D, has some security problems and should be
replaced.

Page 9, the Vax code.
s/pushrl/pushl/ everywhere.

Page 10.
Footnote #9 refers to the mention of "rexec" in point 10a.
The reference to footnote 9 should be to footnote 10 in the sentence
ending "...predetermined TCP socket."

Page 25, comments on "test".
Now noted that the "[" synonym for "test" is now built in to many (but not
all) shells.  Explicitly noted that the "-e" flag is in the "csh" version of
"test" (but is not in the /bin/test or "test" built in to the Bourne shell).

Page 25, footnote #17.
The patch was actually developed at a meeting of Purdue admins, staff and
faculty.  The confirmation of the patch was done by Braunsdorf & Kulawiec.

Page 30, paragraph 4.
s/almost no men's names/almost no common men's names/

END OF DOCUMENT