One of the temporary condoms with a hole in it that was going around immediately after the worm hit was to emacs /usr/ucb/sendmail (or whatever directory you keep all your stinky hippie software in), ^S DEBUG ESC M-b ^D ^Q ^@ ^X ^S (that is, null out the first character of the “DEBUG” command).
Apparently some bright Sun sysadmin immediately applied that patch to the sendmail server running on
sun.com...
I needed to verify a
sun.com email address on a mailing list I ran, so I went “telnet
sun.com 25” and hit return a couple times to flush out the telnet negotiation characters (the telnet client sends a few characters of telnet protocol like an “interpret as command” escape sequence like “IAC DON’T RANDOMLY-LOSE", so hitting return causes a syntax error and reads a fresh new line).
The second return I hit entered an empty line that matched the DEBUG command whose name was now the null string.
When I did “expn
foo@sun.com” it dumped out pages of debugging information!!!
So I’d accidentally put
sun.com’s sendmail into debug mode by pressing return, since they'd effectively renamed the “DEBUG” command to “”, which stopped the worm, but not me!
-Don
The infamous Morris Worm was released in 1988; making use of known vulnerabilities in Sendmail/finger/RSH (and weak passwords), it took out a metric shitload of SUN-3s and 4BSD Vaxen (the author claimed that it was accidental, but the idiot hadn't tested it on an isolated network first). A temporary "condom" was discovered by Rich Kulawiec with "mkdir /tmp/sh".
--
Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer."