From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [UNIX] "Slapper" OpenSSL/Apache Worm Propagation Date: 18 Sep 2002 10:22:15 +0300
SUMMARY ISS X-Force has learned of the active propagation of a worm that exploits a previously disclosed vulnerability in Secure Sockets Layer 2.0 (SSLv2) handshake process. The worm is a modified derivative of the Apache "Scalper" BSD worm. Current versions of the Slapper worm that are in the wild are targeting Linux servers running Apache with mod_ssl. The worm has distributed denial of service (DDoS) capabilities, as well as backdoor functionality. Netcraft.com reports that over 66% of all active Web servers on the Internet are running Apache. Securityspace.org reports that there are nearly 1.4 million OpenSSL installations on the Internet. ---- Cei care mai aveti SSL-uri vechi, poate e cazul sa faceti macar AZI un update cu ultima versiune pe care o pune la dispozitie distributia dvs. Toate distributiile care le stiu au la updates pachete cu OpenSSL nevulnerabil. Deci nu mai pierdeti timpul intreband "da' x.y.z e vulnerabil?" ci puneti ultima versiune pe care o gasiti in directorul updates :) -- Flower --- Pentru dezabonare, trimiteti mail la [EMAIL PROTECTED] cu subiectul 'unsubscribe rlug'. REGULI, arhive si alte informatii: http://www.lug.ro/mlist/
