The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: Zardoz 'Security Digest' - Archives (1989 - 1991)
DOCUMENT: Zardoz 'Security Digest' V1 #12 1989-03-13 (1 file, 673 bytes)
NOTICE: recognises the rights of all third-party works.


Date: Mon, 13 Mar 89 15:02:53 PST
Subject: Security Digest V1 #12

Security Digest Volume 1 Issue 12


            The Honeyman Worm


Date: Sat, 11 Mar 89 16:04:16 EST
From: uunet!!chip (Chip Salzenberg)
Subject: The Honeyman Worm

When Peter Honeyman posted "The UUCP worm" to the Usenet, I approved of his
openness; but I also worried about the (hypothetical) brain-dead user who
decides to actually run the thing.

(For those of you who tuned in late: some versions of UUCP do not check for
backquote characters in the strings they are asked to execute.  Backquotes
are a mechanism in most UNIX shells for running arbitrary programs and
interpolating their output into a command line.  Honeyman's worm uses this
facility to propagate itself to all UUCP neighbors of the infected host.)

Has this disaster already happened?  What other flavors of UUCP are
vulnerable besides HoneyDanBer (also known as Basic Networking Utilities)?
Is there a need for some concerted action to avert such an attack?


        End of Security Digest Volume 1 Issue 12