[vox-tech] CERT® Advisory CA-2002-27 Apache/mod_ssl Worm

Alan H. Lake vox-tech@lists.lugod.org
18 Sep 2002 08:58:16 -0700


I try to keep my RH 7.3 (that's LINUX, Linus) up to date with Red Carpet
(from Ximian).  I checked my mod_ssl version.  Not to worry.  That's one
of the beauties of Open Source.

Alan

On Tue, 2002-09-17 at 23:03, Louis Lee wrote:

    Since most of you use Linux :) , I figure many of you will be 
    interested in the following CERT advisory.  I've included the top 
    part.
    
    (Doug: Since we don't run SSL on our apache, we're safe for now....)
    
    Louie
    
    http://www.cert.org/advisories/CA-2002-27.html
    
    Original release date: September 14, 2002
    Last revised: September 17, 2002 13:43 EDT (UTC-0400)
    Source: CERT/CC
    
    Systems Affected
    
    * Linux systems running Apache with mod_ssl accessing SSLv2-enabled 
    OpenSSL 0.9.6d or earlier on Intel x86 architectures
    
    
    
    Overview
    
    The CERT/CC has received reports of self-propagating malicious code 
    which exploits a vulnerability (VU#102795) in OpenSSL. This malicious 
    code has been referred to as Apache/mod_ssl worm, linux.slapper.worm 
    and bugtraq.c worm. Reports received by the CERT/CC indicate that the 
    Apache/mod_ssl worm has already infected thousands of systems.
    
