Fred K Ollinger on Sat, 14 Sep 2002 07:10:06 +0200



[PLUG] [Fwd: Apache OpenSSL worm in the wild] (fwd)


This might interest some people.

Fred Ollinger (follinge@sas.upenn.edu)
CCN sysadmin

> The incident analysis team over here is examining this thing.  At first
> glance it looks reasonably sophisticated.  Looks to me like it exploits
> the issue described as BID 5363, http://online.securityfocus.com/bid/5363.
> It seems to pick targets based on the "Server:" HTTP response field.
> Mario Van Velzen proposed a quick workaround of disabling ServerTokens or
> setting it to ProductOnly to turn away at least this version of the exploit
> until fixes can be applied.  Another thing to note is that it communicates
> with its friends over UDP / port 2002.
> > I have now seen a worm for the OpenSSL problems I reported a few weeks
> > back in the wild. Anyone who has not patched/upgraded to 0.9.6e+ should
> > be _seriously worried_.
> >
> > It appears to be exclusively targeted at Linux systems, but I wouldn't
> > count on variants for other systems not existing.
> >
> > Cheers,
> >
> > Ben.
> >
> > --
> > http://www.apache-ssl.org/ben.html       http://www.thebunker.net/
> >
> > "There is no limit to what a man can do or how far he can go if he
> > doesn't mind who gets the credit." - Robert Woodruff

_________________________________________________________________________
Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug
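
The quoted messages say the worm chooses targets from the "Server:" response field, suggest ServerTokens ProductOnly as a stopgap, and give 0.9.6e as the fixed OpenSSL release. The following is an added example, not part of the forwarded messages: a small audit of what a Server: banner from a host you administer gives away. The function names and sample banners are constructed for illustration.

```python
import re

# Threshold taken from the quoted advisory ("patched/upgraded to 0.9.6e+").
FIXED = (0, 9, 6, "e")
OPENSSL_RE = re.compile(r"OpenSSL/(\d+)\.(\d+)\.(\d+)([a-z]?)")
# product[/version] [(os comment)] [module tokens...]
BANNER_RE = re.compile(r"([^/\s]+)(?:/(\S+))?(?:\s+\(([^)]*)\))?(?:\s+(.+))?")

def disclosure_level(banner):
    """Name the ServerTokens level a Server: value appears to reflect."""
    m = BANNER_RE.fullmatch(banner.strip())
    if not m:
        return "unknown"
    _product, version, os_comment, modules = m.groups()
    if modules:
        return "Full"         # module tokens such as mod_ssl/OpenSSL are listed
    if os_comment:
        return "OS"
    if version:
        return "Min"
    return "ProductOnly"      # nothing but the product name

def advertised_openssl(banner):
    """Return the advertised OpenSSL version as a comparable tuple, or None."""
    m = OPENSSL_RE.search(banner)
    if not m:
        return None           # absence of the token says nothing about patch state
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))

def audit(banner):
    """List what a Server: banner gives away, for hosts you administer."""
    findings = []
    level = disclosure_level(banner)
    if level not in ("ProductOnly", "unknown"):
        findings.append("banner discloses version details (looks like ServerTokens %s)" % level)
    version = advertised_openssl(banner)
    if version is not None and version < FIXED:
        findings.append("advertised OpenSSL predates 0.9.6e")
    return findings

# Constructed sample banners, not captured from real hosts.
SAMPLES = [
    "Apache",
    "Apache/1.3.23 (Red Hat Linux)",
    "Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6d",
    "Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6g",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print("%-55s %s" % (banner, audit(banner) or "no findings"))
```

An empty findings list only means the banner is quiet; it does not show that the OpenSSL library behind it has been upgraded.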