Re: Fwd: bugtraq.c httpd apache ssl attack

To: Michael Renzmann <mrenzmann@dylanic.de>
Cc: "debian-security@lists.debian.org" <debian-security@lists.debian.org>
Subject: Re: Fwd: bugtraq.c httpd apache ssl attack
From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
Date: Sat, 14 Sep 2002 20:00:45 +0200
Message-id: <[🔎] 87wupo78oi.fsf@Login.CERT.Uni-Stuttgart.DE>
Mail-followup-to: Michael Renzmann <mrenzmann@dylanic.de>, "debian-security@lists.debian.org" <debian-security@lists.debian.org>
In-reply-to: <[🔎] 3D8370B6.7040905@dylanic.de> (Michael Renzmann's message of "Sat, 14 Sep 2002 19:24:06 +0200")
References: <[🔎] Pine.LNX.4.44.0209141133520.15443-100000@agni.phys.iit.edu> <[🔎] 3D8369C4.1010903@dylanic.de> <[🔎] 3D8370B6.7040905@dylanic.de>

Michael Renzmann <mrenzmann@dylanic.de> writes:

> One thing that makes me wonder: after I wrote my first few lines about
> the attack on the rlx blade server that we experienced, someone gave a
> correct hint to the worm (describing it with some of its actions), and
> also mentioned a URL for the source code of the worm. When looking at
> that source (http://dammit.lt/apache-worm/apache-worm.c) it is quite
> obviously that "our" source is totally different.

The bot is roughly the same, only the exploit is different.

-- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898

Reply to:

References:
- Re: Fwd: bugtraq.c httpd apache ssl attack
  - From: David Ehle <ehle@agni.phys.iit.edu>
- Re: Fwd: bugtraq.c httpd apache ssl attack
  - From: Michael Renzmann <mrenzmann@dylanic.de>
- Re: Fwd: bugtraq.c httpd apache ssl attack
  - From: Michael Renzmann <mrenzmann@dylanic.de>

Prev by Date: Re: Fwd: bugtraq.c httpd apache ssl attack
Next by Date: Re: Fwd: bugtraq.c httpd apache ssl attack
Previous by thread: Re: Fwd: bugtraq.c httpd apache ssl attack
Next by thread: Re: Fwd: bugtraq.c httpd apache ssl attack
Index(es):
- Date
- Thread