Re: Fwd: bugtraq.c httpd apache ssl attack
>> Even through we are not mentioned are we vulnerable to this attack?
>Current rumours indicate that CAN-2002-0656 is exploited. DSA-136
>addresses this vulnerability:
>I still have to see the worm, so I can't say for sure that you are
>safe, but it's a good time to update if you haven't done so. ;-)
I have seen two Debian machines exploited with the -d version of
openssl, denoted by the the files:
It seems that the worm not fully exploit debian, because the DOS program
was not compiled and running (and gcc was installed on one of the .
Another redhat machine was exploited and has the /tmp/.bugtraq.c
compiled and running.
Anyway, updating its a priority, because the worm could be improved to
succesfully exploit debian.
.,,, Guillermo Pérez -=] 14/09/2002 [=-
_' .,,,, - bisho@ ( onirica.com | eurielec.etsit.upm.es )
( \/ :: Las personas no son recursos humanos. No los ::
bisho! ``\\ :: rebajemos a ladrillos. ::