[Techtalk] "Slapper" worm targeting Linux/Apache servers]
Raven Brooke
linuxchiq at linuxchiq.com
Fri Sep 20 21:28:08 EST 2002
If you point your browser to:
http://www.redhat.com/support/alerts/linux_slapper_worm.html
You will find that Redhat support suggests:
"Because both client and server applications are affected by these
vulnerabilities, we advise users to reboot their systems
after installing these updates."
Your call, but a reboot certainly beats a reuild :-)
Cheers,
Raven
On Fri, 20 Sep 2002, Mandi wrote:
> On Fri, 20 Sep 2002, Raven Brooke wrote:
>
> > On Fri, 20 Sep 2002, Dave North wrote:
> >
> > Yes, patch applied, Apache restarted, subsequent slapper infection.
> >
> > The reason seems to be that OpenSSL has both server and client components,
> > some of which don't get initialized by a HANGUP or HUP signal. A reboot is
> > the best way to do this.
> >
>
> What versions are you running? I've never noticed this on my boxes...are
> you on redhat? with rpms or roll your own? if you use apache's apachectl
> restart, it should kill all the child processes, restart the server, and
> you'll have a new pid, having reloaded all the libraries.
>
> apachectl reload won't do that, though; it just re-reads the config, and
> depending on the configuration, some children will be killed and others
> won't. i noticed that behavior on a mandrake box with mod_perl configured
> to be started by it's own apache parent process.
>
> --mandi
>
--
SELECT * FROM users WHERE clue > 0
0 rows returned.
More information about the Techtalk
mailing list