[Techtalk] "Slapper" worm targeting Linux/Apache servers

Dave North dave at timocharis.com
Fri Sep 20 09:32:09 EST 2002


kristina:
>  I believe that what needs to be updated is openssl, not apache per se.

That's my read too, though you can simply disable SSL in apache if you
don't use it.

>  If you use the releases from openssl.org, you should use something later
>  than 0.9.6e. If you use redhat, the latest security patches (from early
>  August) fix the vulnerability.  I dunno about other distros.

Here's a list from practical-tech:
AIX (login required); Apple; Caldera/SCO; Covalent; Debian; Gentoo;
NetBSD; Mandrake, Red Hat, Solaris and SuSE all have available patches.

Note at least the SuSE patch is obscure; it may show up as openssl-0.9.6b
or so (depending on release) so dependencies aren't broken, but all
indications are the August patch release will work. However, SuSE has not
noted anything to that effect on their security updates, which has caused
confusion and doubt among many users.

Raven:
> A *reboot* is required in order for this patch to work. Having just
> rebuilt a server that was infected by slapper after the patch was
> applied but the box not rebooted, I can testify that this is indeed
> the case.

I'm surprised! My understanding was restarting apache was adequate to the
task. Did you do that and suffer a subsequent infection?
	Though I am a big fan of rebooting when it's logical ... playing
the uptime game is perhaps not always the best approach.

d
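The restart-versus-reboot question above comes down to which processes still have the old libssl mapped in memory. The following check is an added example, not code from the thread or from any of the vendors mentioned: it scans /proc/<pid>/maps for mappings of a library marked "(deleted)", which is how Linux flags a file that was replaced on disk after the process loaded it. The PIDs, paths and maps lines in the sample tree are constructed for offline testing.

```shell
#!/bin/sh
# Added example, not code from the thread. After a libssl upgrade, a process
# that loaded the old library keeps running the vulnerable code until it is
# restarted; on Linux the kernel marks such mappings "(deleted)" in
# /proc/<pid>/maps. Restarting those processes (or rebooting) closes the gap.

# stale_lib_pids <library-name> [proc-dir]
# Prints the PID of every process whose maps still reference a deleted copy
# of <library-name>. proc-dir defaults to /proc; a fake tree can be passed
# for offline testing.
stale_lib_pids() {
  lib="$1"
  procdir="${2:-/proc}"
  for maps in "$procdir"/[0-9]*/maps; do
    [ -r "$maps" ] || continue            # glob with no match, or no permission
    if grep -q "$lib.*(deleted)" "$maps" 2>/dev/null; then
      pid="${maps#"$procdir"/}"
      echo "${pid%/maps}"
    fi
  done
}

# Constructed sample /proc tree (hypothetical PIDs and paths) so the check can
# run without root and without a real upgraded host. PID 1234 is an httpd still
# mapping the removed libssl; PID 5678 was restarted and maps the new file.
make_sample_proc() {
  d=$(mktemp -d)
  mkdir -p "$d/1234" "$d/5678"
  cat >"$d/1234/maps" <<'EOF'
08048000-080c0000 r-xp 00000000 03:01 1001 /usr/sbin/httpd
40100000-40140000 r-xp 00000000 03:01 2001 /usr/lib/libssl.so.0.9.6 (deleted)
EOF
  cat >"$d/5678/maps" <<'EOF'
08048000-080c0000 r-xp 00000000 03:01 1001 /usr/sbin/httpd
40100000-40140000 r-xp 00000000 03:01 2002 /usr/lib/libssl.so.0.9.6
EOF
  echo "$d"
}

# On a live host, run:  stale_lib_pids libssl
```

An empty result after restarting apache means no process is still executing the pre-patch libssl; a non-empty one names what still needs a restart (or why a reboot was the simpler fix).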