In this column, we look at buffer overflows in man, DQS, Netscape Enterprise Web Publisher, and IRIX Embedded Support Partner; a temporary-file race condition in the ARCservIT Unix Client; problems in Zope, Cisco Content Service Switch, CUPS, i386 syscalls in Solaris x86, and the Logitech Wireless Desktop; and talk about Cheese the "friendly" worm.

The Cheese worm targets machines that appear to have been victims of the Lion (or 1i0n) worm, that is, machines that have a root shell listening on port 10008. When it infects a machine, it removes the root shells on port 10008 that Lion places in inetd.conf and then begins scanning the network for root shells on port 10008 to find other infected machines. The Cheese worm creates a directory /tmp/.cheese with the following files in it: ADL, cheese, cheese.uue, and psm.
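A host check for the indicators described above, as an added example that is not part of the original column. It assumes Lion's inetd.conf entry gives the port number in the service-name field, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: look for the Lion/Cheese indicators named in the column.
# Pass a root prefix to inspect a mounted disk image; "" means the live host.

# Print inetd.conf lines that serve port 10008 as root.
# Assumption: the entry gives the port number in the service-name field.
lion_inetd_entries() {
    conf="$1"
    [ -r "$conf" ] || return 0
    awk '$1 == "10008" && $5 ~ /^root/ { print FILENAME ":" NR ": " $0 }' "$conf"
}

# Print each file from the column's list that exists in <root>/tmp/.cheese.
cheese_files() {
    dir="$1/tmp/.cheese"
    [ -d "$dir" ] || return 0
    for f in ADL cheese cheese.uue psm; do
        [ -e "$dir/$f" ] && echo "$dir/$f"
    done
    return 0
}

# Report findings on stdout; return 1 if any indicator is present, else 0.
check_host() {
    root="$1"
    found=0
    entries=$(lion_inetd_entries "$root/etc/inetd.conf")
    if [ -n "$entries" ]; then
        echo "root service on port 10008 in inetd.conf:"
        echo "$entries"
        found=1
    fi
    # Cheese deletes Lion's inetd entry, so this directory on its own still
    # means the host was reachable through the Lion backdoor at some point.
    if [ -d "$root/tmp/.cheese" ]; then
        echo "Cheese directory present: $root/tmp/.cheese"
        cheese_files "$root"
        found=1
    fi
    return "$found"
}
```

Call `check_host ""` on the running system or `check_host /mnt/image` on a mounted copy; a non-zero return means at least one indicator was found.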

Systems need to be patched by their administrators -- not by software that may or may not be friendly. Systems that are affected by this worm were not only left unpatched after the BIND advisory, but were also left unpatched after the Lion worm advisory. These systems may have much greater problems than the Lion worm -- many more problems than another worm, no matter how friendly, can hope to fix.