[Techtalk] "Slapper" worm targeting Linux/Apache servers]

k clair kclair at serve.com
Fri Sep 20 11:32:17 EST 2002 

 Hello,
 
 I belive that what needs to be updated is openssl, not apache per se.
 
 If you use the releases from openssl.org, you should use something later 
 than 0.9.6e. If you use redhat, the latest security patches (from early 
 August) fix the vulnerability.  I dunno about other distros.
 
 kristina
 
- On Fri, Sep 20, 2002 at 02:24:54AM -0500, Grrliegeek wrote:
- - I hadn't seen this mentioned yet on either list I'm posting it to. This is 
- - going to techtalk and the Austin Linux Group. There is a worm going around 
- - that's targeting apache servers using a vulnerability discovered in July 
- - (which I think was patched and a new version of apache that is not vulnerable 
- - is out there).
- - 
- - In a thread on linuxchix about security and why it's not always as up to date 
- - as ideal, someone mentioned that they hadn't patched their (apache?) server 
- - because they had other things they wanted to accomplish with the server 
- - first. I think that due to the widespread nature of this worm, making sure 
- - apache is up to snuff is of importance.
- - 
- - For more information:
- - http://www.msnbc.com/news/808678.asp?0dm=C16KT
- - http://online.securityfocus.com/news/662
- - 
- - >From the latter url, story dated 9/16/02:
- - Slapper exploits a previously-disclosed OpenSSL vulnerability, to create an 
- - attack platform for distributed denial-of-service (DDoS) attacks against 
- - other sites. The worm also has backdoor functionality, according to, security 
- - tools vendor ISS. It describes the malicious code as a variation of the much 
- - less virulent Apache "Scalper" BSD worm.
- - 
- - The OpenSSL server vulnerability exploit exists on a wide variety of 
- - platforms, but Slapper appears to work only on Linux systems running Apache 
- - with the OpenSSL module (mod_ssl) on Intel architectures.
- - 
- - The Slapper worm was first seen on Friday the 13th. Since then it has infected 
- - thousands of web servers around the world and continues to spread. By late 
- - last night 6,000 servers were infected with the worm, according to AV vendors 
- - F-Secure. 
- - 
- - Syleniel
- - _______________________________________________
- - Techtalk mailing list
- - Techtalk at linuxchix.org
- - http://mailman.linuxchix.org/mailman/listinfo/techtalk

----- End forwarded message -----

More information about the Techtalk mailing list