Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!bloom-beacon!athena.mit.edu!jik From: jik@athena.mit.edu (Jonathan I. Kamens) Newsgroups: comp.lang.c Subject: Re: Insecure hardware (was Re: gets(3) nonsense) Message-ID: <8308@bloom-beacon.MIT.EDU> Date: 5 Dec 88 05:06:08 GMT References: <867@cernvax.UUCP> <645@quintus.UUCP> <339@igor.Rational.COM> <4869@bsu-cs.UUCP> <14733@mimsy.UUCP> <13203@ncoast.UUCP> Sender: daemon@bloom-beacon.MIT.EDU Reply-To: jik@athena.mit.edu (Jonathan I. Kamens) Organization: Massachusetts Institute of Technology Lines: 20 In article <13203@ncoast.UUCP> allbery@ncoast.UUCP (Brandon S. Allbery) writes: >From what I've read, the fingerd attack was applied to Suns as well -- but >the "wwww" address *was* sufficiently wrong, so an infected fingerd simply >dumped core. This is not correct. I just checked with the one of the members of the team who disassembled the code here at MIT. He says that the problem with the Sun version of the worm was that it was trying to use the same hex instructions as the VAX code. This obviously wouldn't work, since the Sun instruction set is just slightly different from the VAX's :-). If the author(s) of the code had bothered to figure out the stack frame dimensions on the Sun, I'm sure he/she/they would have also figured out the necessary Sun instructions to make it work, and vice versa. Jonathan Kamens MIT Project Athena