New Apache Vandal

[Michael Klama]

Just wanted to post this notice I received from CSRT   1. New Linux Vandal: Slapper ============================================================ eSafe''s CSRT experts would like to bring to your attention that a new form of a malicious code may exploit a vulnerability of Apache web servers installed on Linux systems. The worm initiates a buffer overflow in the OpenSSL module on those servers and if the attack is successful, the worm inserts its own source code onto the attacked system. After the code is inserted, it is compiled and executed. The worm then opens a backdoor into the infected system which allows hackers to access data and initiate attacks from the infected machine.   This new threat has been inspected for a few days by us and we are glad to inform our customers that there are several, relatively simple methods of overcoming this threat:   * Update the SSL module used by the Apache server. The latest patch is invulnerable to Slapper''s attacks.   * Systems with no access to the ''gcc'' compiler cannot be infected by the Slapper worm. Therefore, one should not keep the C compiler on the production web servers. Alternatively, you may limit the access to the compiler to specific users.   * By blocking all unused ports, Slapper has no way of accessing your system (- Slapper attempt to enter a system by attacking port 2002). In case you are not using SSL, you should also block port 443.   * If Slapper is already infecting your system, you may be able to shut it down by closing its process. The process is called ''.bugtraq''.       Visit our web site for great deals on Computers and Hardware and for insightful and unique reviews of the latest hardware offerings by all of the major manufacturers. www.l-and-m-associates.com