[Techtalk] "Slapper" worm targeting Linux/Apache servers

k clair kclair at serve.com
Fri Sep 20 12:36:44 EST 2002


The RedHat update versions are as confusing as SuSE's...

for 6.2 the new release is 0.9.5a-29 or somesuch, and for 7.3 it's 0.9.6b-28 
(or somesuch :) )

... which is why I mentioned the RedHat. Their updates site doesn't
specifically say that it fixes the same vulnerability as the worm exploits.
It took me some digging to be sure.

kristina

On Fri, Sep 20, 2002 at 09:32:09AM -0700, Dave North wrote:
- kristina:
- >  I believe that what needs to be updated is openssl, not apache per se.
- 
- That's my read too, though you can simply disable SSL in apache if you
- don't use it.
- 
- >  If you use the releases from openssl.org, you should use something later
- >  than 0.9.6e. If you use redhat, the latest security patches (from early
- >  August) fix the vulnerability.  I dunno about other distros.
- 
- Here's a list from practical-tech:
- AIX (login required); Apple; Caldera/SCO; Covalent; Debian; Gentoo;
- NetBSD; Mandrake, Red Hat, Solaris and SuSE all have available patches.
- 
- Note at least the SuSE patch is obscure; it may show up as openssl-0.9.6b
- or so (depending on release) so dependencies aren't broken, but all
- indications are the August patch release will work. However, SuSE has not
- noted anything to that effect on their security updates, which has caused
- confusion and doubt among many users.
- 
- Raven:
- > A *reboot* is required in order for this patch to work. Having just
- > rebuilt a server that was infected by slapper after the patch was
- > applied but the box not rebooted, I can testify that this is indeed
- > the case.
- 
- I'm surprised! My understanding was restarting apache was adequate to the
- task. Did you do that and suffer a subsequent infection?
- 	Though I am a big fan of rebooting when it's logical ... playing
- the uptime game is perhaps not always the best approach.
- 
- d
- 
- _______________________________________________
- Techtalk mailing list
- Techtalk at linuxchix.org
- http://mailman.linuxchix.org/mailman/listinfo/techtalk
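
The restart-versus-reboot question raised in this thread can be checked directly on Linux: a process that loaded OpenSSL before the update keeps mapping the old library file, and /proc/PID/maps lists that mapping with a "(deleted)" suffix. The shell function below is an added example, not part of the original messages; the name stale_ssl_procs and its proc_root parameter are hypothetical, and it assumes the package manager replaced the library file rather than overwriting it in place.

```shell
#!/bin/sh
# Added example: list processes that still map an OpenSSL library file
# that has since been replaced on disk.
# Usage: stale_ssl_procs            (scans /proc; run as root to see all processes)
#        stale_ssl_procs /some/dir  (scan a constructed tree, e.g. for testing)
# Output: one line per process and library: "PID NAME PATH"

stale_ssl_procs() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip unmatched globs and processes we are not allowed to read.
        [ -r "$maps" ] || continue
        pid_dir=${maps%/maps}
        pid=${pid_dir##*/}
        # Process name from PID/comm when available, otherwise "?".
        name="?"
        if [ -r "$pid_dir/comm" ]; then
            read -r name < "$pid_dir/comm" || :
        fi
        # maps fields: address perms offset dev inode path ["(deleted)"].
        # Report each stale libssl/libcrypto path once per process.
        awk -v pid="$pid" -v name="$name" '
            /\(deleted\)$/ && $6 ~ "/lib(ssl|crypto)[^/]*$" {
                if (!seen[$6]++) print pid, name, $6
            }' "$maps"
    done
    return 0
}
```

Empty output means no readable process still maps a replaced libssl or libcrypto; any line names a process that has to be restarted before it uses the updated library.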