[vox-tech] Linux's Vulnerability to E-mail Viruses
vox-tech@lists.lugod.org
Thu, 25 Apr 2002 01:06:59 -0400
On Wed, Apr 24, 2002 at 09:55:22PM -0700, Richard Crawford wrote:
> I'd like to pass this on to another list that I'm on which is discussing
> just this issue. May I?
Richard,
Certainly.
Please leave my email address and authorship in whatever you forward
so people know who to contact about errors...
Later,
Mike
> On Wed, 2002-04-24 at 21:47, msimons@moria.simons-clan.com wrote:
> > On Wed, Apr 24, 2002 at 09:21:12PM -0700, Richard S. Crawford wrote:
> > > I'm operating under the assumption that while viruses for Linux that
> > > spread like Windows viruses are very rare, there are still some out
> > > there.
> > >
> > > So, given that, what level of vigilance is necessary against incoming
> > > viruses in a Linux system?
> >
> > Richard,
> >
> > Short answer: don't read email as root, don't open attachments from
> > email ever, do update your mail handling system from time to time
> > especially if you heard about an exploit in some component you use,
> > and do think before you react to an email.
> >
> >
> > Email borne viruses fall into three main categories:
> >
> > - Vulnerabilities in your mail handling system,
> > (mail server, fetchmail, procmail, email client, etc...)
> >
> > Which are typically stack overflow problems and should be very rare
> > and fixed by the upstream maintainers in a heartbeat once found
> > (sometimes quietly fixed); however, these fixes get a fair amount of
> > publicity if found in the wild.
> >
> > - Vulnerabilities in your attachment processing system or programs,
> > (mail client auto-open-attachments, mailcap,
> > openoffice, abiword, gnumeric, etc...)
> >
> > A mailcap configuration _can_ be extremely dangerous, because you
> > can elect to do anything you want with a data stream based on its
> > mimetype. If you pass an outside data stream to a vulnerable program
> > with mailcap or even manually you are at risk of any exploits against
> > that program.
> >
> > There are a large number of these holes which exist, and some
> > get created or closed every day. Basically any program you run
> > that can be fed an input file and crashes is a hole and should not
> > be trusted with a mail-borne data stream. Fixes are not generally
> > well published; as long as you stick to text-based email you are safe.
> >
> > If you are doing mail as your own user the good news is you
> > cannot damage the system, just wipe out the files owned by your user
> > account. This is until someone builds a super virus which would
> > get initial user access through an application vulnerability then
> > run a collection of local-root exploits to take over root. This will
> > be front page news practically everywhere.
> >
> > - Vulnerabilities in wetware processing the mail,
> > ("send to all your friends or else", "Make money fast",
> > "do X and your hair won't fall out",
> > save-to-file/change-to-file/chmod-to-executable/run-[as-root])
> >
> > There isn't much that can be done about these people, short
> > of turning on spam filters, education, or execution (depending
> > on your stance).
> >
> > TTFN,
> > Mike
> --
> Sliante,
> Richard S. Crawford
>
> mailto:rscrawford@mossroot.com http://www.mossroot.com
> AIM: Buffalo2K ICQ: 11646404 Yahoo!: rscrawford
> MSN: underpope@hotmail.com
>
> "It is only with the heart that we see rightly; what is essential is
> invisible to the eye." --Antoine de Saint Exupery
> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
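
Added example, not part of the original thread: a small Python audit of a mailcap file along the lines of the second category above, flagging entries that hand non-text MIME types from mail to an external program. The sample mailcap, the `INTERPRETERS` list and the function names are constructed for illustration.

```python
import re

# Constructed sample mailcap (illustration only, not from the thread).
SAMPLE_MAILCAP = r"""
# viewers
text/plain; less %s; needsterminal
text/html; lynx -dump %s; copiousoutput
application/msword; abiword %s
application/x-sh; sh %s
image/*; display %s; test=test -n "$DISPLAY"
application/*; \
    xdg-open %s
"""

# Assumed list of programs that execute their input rather than display it.
INTERPRETERS = {"sh", "bash", "perl", "python", "python3"}

def parse_mailcap(text):
    """Yield (mime_type, command, flags) from RFC 1524 style mailcap text."""
    joined = re.sub(r"\\\n", "", text)  # fold backslash-continued lines
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Fields are separated by ';' unless the ';' is backslash-escaped.
        fields = [f.strip() for f in re.split(r"(?<!\\);", line)]
        if len(fields) >= 2:
            yield fields[0].lower(), fields[1], fields[2:]

def audit(text):
    """Return (mime_type, reason) for entries that pass non-text mail data to a program."""
    findings = []
    for mime, cmd, _flags in parse_mailcap(text):
        major, _, minor = mime.partition("/")
        words = cmd.split()
        prog = words[0].rsplit("/", 1)[-1] if words else ""
        if prog in INTERPRETERS:
            findings.append((mime, "content is executed by an interpreter"))
        elif major != "text" and minor in ("*", ""):
            findings.append((mime, "wildcard routes many types to one handler"))
        elif major != "text":
            findings.append((mime, "non-text data is parsed by " + prog))
    return findings

if __name__ == "__main__":
    for mime, reason in audit(SAMPLE_MAILCAP):
        print(f"{mime:22} {reason}")
```

To check a real configuration, pass the contents of `~/.mailcap` or `/etc/mailcap` to `audit()`.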