Wednesday, September 16, 2009

RFC 1135 “The Helminthiasis of the Internet”

1) What was the cause of the first Internet Worm? Specifically, what vulnerabilities did the worm take advantage of in order to spread through the Internet?

The cause of the first worm was “known security loopholes in applications closely related with the operating system” (1989, pg.1), specifically on VAX computers and SUN-3 workstations running the 4.2 and 4.3 Berkeley UNIX code. The two main vulnerabilities the worm exploited were in basic network services: sendmail and fingerd. In the case of the sendmail service, the worm used a “non-standard debug command” (1989, pg.2) to propagate itself to other remote hosts, thus starting the self-replicating process of the worm once again. With the fingerd service, the worm triggered a memory overflow by sending more characters than the service could handle, which allowed the worm to execute an arbitrary program. Other vulnerabilities this worm took advantage of included password guessing and trusted host features.
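An added example, not from the original post or RFC 1135: the fingerd overflow described above came from reading a request line with no length limit (the 4.3BSD daemon used gets()). The code below shows that pattern in a comment beside a bounded reader; read_request, REQ_MAX and the status names are hypothetical, chosen for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define REQ_MAX 512 /* constructed buffer size for this example */

enum req_status { REQ_OK = 0, REQ_TOO_LONG = -1, REQ_EOF = -2 };

/* Vulnerable pattern, shown only as a comment:
 *     char line[REQ_MAX];
 *     gets(line);   copies until newline, with no length check
 * A longer line overwrites whatever follows the buffer on the stack. */

/* Hardened reader: writes at most cap bytes into buf. A line that does
 * not fit (text plus newline in cap - 1 bytes) is rejected whole and
 * drained, so its tail is never parsed as the next request. */
enum req_status read_request(FILE *in, char *buf, size_t cap)
{
    if (cap < 2)
        return REQ_TOO_LONG;
    if (fgets(buf, (int)cap, in) == NULL)
        return REQ_EOF;

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[--len] = '\0';
        if (len > 0 && buf[len - 1] == '\r') /* finger lines end in CRLF */
            buf[len - 1] = '\0';
        return REQ_OK;
    }
    int c = fgetc(in);
    if (c == EOF)
        return REQ_OK; /* last line, no terminator, but it fit */
    while (c != '\n' && c != EOF) /* discard the rest of the long line */
        c = fgetc(in);
    buf[0] = '\0';
    return REQ_TOO_LONG;
}

int main(void)
{
    char line[REQ_MAX];
    enum req_status st = read_request(stdin, line, sizeof line);
    if (st == REQ_OK)
        printf("request: \"%s\"\n", line);
    else
        fprintf(stderr, "request rejected (%d)\n", (int)st);
    return st == REQ_OK ? 0 : 1;
}
```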

2) Are those vulnerabilities still present?

These particular vulnerabilities were addressed, and preventative measures were implemented to prevent future exploitation of these services. However, that is not to say similar vulnerabilities cannot be exploited in another attack in the near future. In this particular situation, the vulnerabilities would not have been noticed had it not been for the worm. While this worm was extremely destructive, it was also extremely eye-opening for the computing community as to weaknesses that needed to be addressed.

References:
http://tools.ietf.org/rfc/rfc1135.txt
http://www.faqs.org/rfcs/rfc1135.html