>> I have seen two Debian machines exploited with the -d version of
>> openssl, denoted by the files:
>> /tmp/.bugtraq.c /tmp/.uubugtraq
>
>That's not surprising. OpenSSL 0.9.6d is vulnerable. However, in woody
>we have 0.9.6c-2.woody.0, whose most recent changelog entry is:
>
>openssl (0.9.6c-2.woody.0) stable-security; urgency=low
>
>  * SECURITY: patch for various overflows (upstream security patch
>    0.9.6d->0.9.6e)
>
> -- Michael Stone <[EMAIL PROTECTED]>  Mon, 29 Jul 2002 21:34:41 -0400
>
>So if you were running the 0.9.6d on your Debian box, it's probably
>because you are running testing (since 'd' was never part of woody),
>which we all know is a bad idea if you want to keep it secure.

Yes, I know. I was only reporting that it seems to be only partially vulnerable, as the worm was not able to compile the bugtraq.c... I don't know if in the c-2 the worm works partially or fully. Does anybody know? It seems that the worm does not fully work on Debian.

-- 
Guillermo Pérez -=] 14/09/2002 [=-
bisho@ ( onirica.com | eurielec.etsit.upm.es )
"I don't like the idea that I'm not in control of my life."
  -- Neo, "The Matrix"