On 24 Sep 2002, James Sparenberg wrote: > And in addition to patching up... (Always the best move no matter what.) > I've read where going into /tmp and doing > > touch bugtaq bugtraq.c > > chmod 400 bugtraq bugtraq.c > > Seems to fool the program into thinking this is an already cracked box > (Havent proof this works but a little extra precaution always makes me > feel better.)
Since there are a number of varients out there, this is not going to help a whole lot. Fixing the hole is the first priority. BTW, this is not the only issue you need to be concerned about. There are problems in glibc, php and others that need to be updated as well. Keeping up on the bug fixes is a neverending process. Just when you think you have them all, a new group shows up to bedevil you. > > James > > > On Tue, 2002-09-24 at 17:42, Jeffrey Twu wrote: > > (sorry, inserted carriage returns below) > > > > Hi folks, > > > > A web server at work got cracked on Sunday, and it looks like > > they used the SSL hole. The bad person left a .tar.gz file in a > > directory, and we did a google search on the filename, and voila -- it > > was a script (uploaded Sep 17) that exploited the vulnerability. > > > > I heard about the SSL vulnerability before our server was > > cracked, and did some reading. I didn't patch, because of: > > > > http://www.mandrake.com/en/archives/expert/2002-09/msg00588.php > > > > The paragraph where they wrote Linux-Mandrake 8.2 was not vulnerable > > ... well, maybe they were referring to it with the openssl -2.3mdk > > patch. > > > > So, patch up, even if you read something that says "this is > > not vulnerable", as you may be taking it out of context, or they may > > be wrong. As of Sep 17 at least, there are automated tools for script > > kiddies that will exploit the hole. > > > > Here's the 8.2 security page: > > > > http://www.mandrake.com/en/security/mdk-updates.php3?dis=8.2 > > > > I assume this is the right one to install: > > > > http://www.mandrake.com/en/security/2002/MDKSA-2002-046-1.php?dis=8.2 > > (That gives you the filename; I assume you click on FTP server mirrors > > and find a mirror to actually download it. I haven't really used > > Mandrake's auto-update tools.) > > > > There is a longer discussion here: > > > > http://www.mandrake.com/en/archives/expert/2002-09/ > > (search for openssl) > > > > Jeffrey Twu > > [EMAIL PROTECTED] > > > > ---- > > > > > Want to buy your Pack or Services from MandrakeSoft? > > Go to http://www.mandrakestore.com > > > >
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
