Re: Fwd: bugtraq.c httpd apache ssl attack
Is this the same vulnerability exploited bye the "Linux.Slapper.Worm"?
http://securityresponse.symantec.com/avcenter/venc/data/linux.slapper.worm.html
The reports openssl 0.9.6d and older are vulnerable, and woody seems to be
using 0.9.6.d.
Is DSA-126-1 openssl saying that this has been patched in the woody debian
binarys?
http://www.debian.org/security/2002/dsa-136
Thanks,
David.
On Fri, 13 Sep 2002, Florian Weimer wrote:
> Phillip Hofmeister <plhofmei@zionlth.org> writes:
>
> > Even through we are not mentioned are we vulnerable to this attack?
>
> Current rumours indicate that CAN-2002-0656 is exploited. DSA-136
> addresses this vulnerability:
>
> http://www.debian.org/security/2002/dsa-136
>
> I still have to see the worm, so I can't say for sure that you are
> safe, but it's a good time to update if you haven't done so. ;-)
>
> --
> Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
> University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
> RUS-CERT fax +49-711-685-5898
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
Reply to: