l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
December 2: Social gathering
Next Installfest:
TBD
Latest News:
Nov. 18: Club officer elections
Page last updated:
2002 Apr 24 22:22

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Linux's Vulnerability to E-mail Viruses
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Linux's Vulnerability to E-mail Viruses



On Wed, Apr 24, 2002 at 09:55:22PM -0700, Richard Crawford wrote:
> I'd like to pass this on to another list that I'm on which is discussing
> just this issue.  May I?

Richard,

  Certainly.  

  Please leave my email address and authorship in whatever you forward
so people know who to contact about errors...

    Later,
      Mike

> On Wed, 2002-04-24 at 21:47, msimons@moria.simons-clan.com wrote:
> > On Wed, Apr 24, 2002 at 09:21:12PM -0700, Richard S. Crawford wrote:
> > > I'm operating under the assumption that while viruses for Linux that
> > > spread like Windows viruses are very rare, there are still some out
> > > there.
> > > 
> > > So, given that, what level of vigilance is necessary against incoming
> > > viruses in a Linux system?
> > 
> > Richard,
> > 
> >   Short answer: don't read email as root, don't open attachments from 
> > email ever, do update your mail handling system from time to time
> > especially if you heard about an exploit in some component you use,
> > and do think before you react to an email.
> > 
> > 
> > Email borne viruses fall into three main categories:
> > 
> > - Vulnerabilities in your mail handing system,
> >   (mail server, fetchmail, procmail, email client, etc...)
> > 
> >     Which typically stack overflow problems and should be very rare
> >   and fixed by the upstream maintainers in a heart-beat once found 
> >   (sometimes quietly fixed) however these fixes get a fair amount of 
> >   publicity if found in the wild.
> > 
> > - Vulnerabilities in your attachment processing system or programs,
> >   (mail client auto-open-attachments, mailcap, 
> >    openoffice, abiword, gnumeric, etc...)
> > 
> >     A mailcap configuration _can_ be extremely dangerous, because you
> >   can elect to do anything you want with a data stream based on it's 
> >   mimetype.  If you pass a outside data stream to a vulnerable program 
> >   with mailcap or even manually you are at risk of any exploits against
> >   that program.
> > 
> >     There are a large number of these holes which exist, and some
> >   get created or closed every day.  Basically any program you run 
> >   that can be feed an input file and crashes is a hole should not
> >   be trusted with a mail borne data stream.  Fixes are not generally
> >   well published, as long as you stick to text based email you are safe.
> > 
> >     If you are doing mail as your own user the good news is you can
> >   not damage the system, just wipe out the files owned by your user
> >   account.  This is until someone builds a super virus which would 
> >   get initial user access through an application vulnerability then 
> >   run a collection local-root exploits to take over root.  This will
> >   be front page news practically ever where.
> > 
> > - Vulnerabilities in wetware processing the mail,
> >   ("send to all your friends or else", "Make money fast", 
> >    "do X and your hair won't fall out"
> >    save-to-file/change-to-file/chmod-to-executable/run-[as-root])
> > 
> >     There isn't much that can be done about these people, short
> >   of turning on spam filters, education, or execution (depending
> >   on your stance).
> > 
> >     TTFN,
> >       Mike
> > _______________________________________________
> > vox-tech mailing list
> > vox-tech@lists.lugod.org
> > http://lists.lugod.org/mailman/listinfo/vox-tech
> -- 
> Sliante,
> Richard S. Crawford
> 
> mailto:rscrawford@mossroot.com		http://www.mossroot.com
> AIM:  Buffalo2K   ICQ: 11646404  Yahoo!: rscrawford
> MSN:  underpope@hotmail.com
> 
> "It is only with the heart that we see rightly; what is essential is
> invisible to the eye."  --Antoine de Saint Exupery
> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.