Just wanted to post this notice I received from CSRT:

1. New Linux Vandal: Slapper
============================================================
eSafe's CSRT experts would like to bring to your attention that a new form of malicious code may exploit a vulnerability of Apache web servers installed on Linux systems. The worm initiates a buffer overflow in the OpenSSL module on those servers and if the attack is successful, the worm inserts its own source code onto the attacked system. After the code is inserted, it is compiled and executed. The worm then opens a backdoor into the infected system which allows hackers to access data and initiate attacks from the infected machine.

This new threat has been inspected for a few days by us and we are glad to inform our customers that there are several relatively simple methods of overcoming this threat:

* Update the SSL module used by the Apache server. The latest patch is invulnerable to Slapper's attacks.
* Systems with no access to the 'gcc' compiler cannot be infected by the Slapper worm. Therefore, one should not keep the C compiler on the production web servers. Alternatively, you may limit the access to the compiler to specific users.
* By blocking all unused ports, Slapper has no way of accessing your system (Slapper attempts to enter a system by attacking port 2002). In case you are not using SSL, you should also block port 443.
* If Slapper is already infecting your system, you may be able to shut it down by closing its process. The process is called '.bugtraq'.
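
The checks named in the notice above (a '.bugtraq' process, listeners on ports 2002 and 443, a 'gcc' binary open to all users), written as a host audit script. This is an added example, not part of the original post or the CSRT notice; the function names are hypothetical and it assumes `ps`, `ss`, `awk` and `find` are available.

```shell
#!/bin/sh
# Added example: audits a host for the three conditions the notice names.
# Function names are hypothetical; nothing here comes from CSRT.

# stdin: `ps -eo pid,user,comm` output. Prints PIDs whose command name is
# exactly ".bugtraq", the process name given in the notice.
find_bugtraq_pids() {
    awk '$3 == ".bugtraq" { print $1 }'
}

# stdin: `ss -lntu` output. Prints "proto local-address" for each listener
# whose local port equals $1 (the notice mentions ports 2002 and 443).
listeners_on_port() {
    awk -v p="$1" '{ n = split($5, a, ":"); if (a[n] == p) print $1, $5 }'
}

# Succeeds if the file at $1 (symlinks followed) is executable by "other",
# i.e. the compiler is not limited to specific users.
world_executable() {
    [ -n "$(find -L "$1" -prune -perm -0001 2>/dev/null)" ]
}

# Runs all checks on the live host; exit status is the number of findings.
audit_host() {
    findings=0
    pids=$(ps -eo pid,user,comm | find_bugtraq_pids)
    if [ -n "$pids" ]; then
        echo "FINDING: .bugtraq process running, PID(s): $pids"
        findings=$((findings + 1))
    fi
    for port in 2002 443; do
        hits=$(ss -lntu 2>/dev/null | listeners_on_port "$port")
        if [ -n "$hits" ]; then
            echo "REVIEW: listener on port $port: $hits"
            findings=$((findings + 1))
        fi
    done
    gcc_path=$(command -v gcc || true)
    if [ -n "$gcc_path" ] && world_executable "$gcc_path"; then
        echo "FINDING: $gcc_path is executable by all users"
        findings=$((findings + 1))
    fi
    return "$findings"
}

audit_host || echo "$? item(s) to review"
```

A listener on port 443 is expected on a server that actually serves SSL, so that line is reported for review rather than as a finding.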