Red Hat Knowledgebase

No, Red Hat Enterprise Linux itself can not be directly affected by the Zotob worm, nor any of its variants. Note, however, that once a network of systems is made vulnerable by one weak link, any resource, including printers, can be more easily scanned and potentially exploited. This emphasizes the importance of ensuring that all system resources are maintained constantly with the latest relevant updates for security issues.

The Zotob worm, as with several types of exploits are written to take advantage of a set of vulnerabilities in a specific platform or operating system. In this case, the Zotob worm (and it's many variants) are written to exploit a known Microsoft Windows 2000 Plug- and-Play vulnerability by using widely-known techniques known as a memory buffer overflow exploit. The "Code Red" worm was one of the most publicly visible and damaging exploits of this type and directly affected only Microsoft Platforms.

Red Hat Enterprise Linux 4 includes a set of technologies, ExecShield, which can greatly reduce the chance that other, Linux-specific, memory buffer overflow exploits would be able to do harm to a system. When used in concert, these technologies can buy critical time to allow the update of a system with errata or software which repairs issues in the platform.