Re: bugtraq.c httpd apache ssl attack

To: "debian-security@lists.debian.org" <debian-security@lists.debian.org>
Subject: Re: bugtraq.c httpd apache ssl attack
From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
Date: Sun, 15 Sep 2002 11:43:52 +0200
Message-id: <[🔎] 87y9a3si3r.fsf@Login.CERT.Uni-Stuttgart.DE>
Mail-followup-to: "debian-security@lists.debian.org" <debian-security@lists.debian.org>
In-reply-to: <[🔎] 20020914185756.GA31379@zionlth.org> (Phillip Hofmeister's message of "Sat, 14 Sep 2002 14:57:56 -0400")
References: <[🔎] 20020914185756.GA31379@zionlth.org>

Phillip Hofmeister <plhofmei@zionlth.org> writes:

> Is this log evidence of our worm?
>
> [Fri Sep 13 23:46:29 2002] [error] mod_ssl: SSL handshake failed (server www.zionlth.org:443, client 195.34.113.130) (OpenSSL library error follows)
> [Fri Sep 13 23:46:30 2002] [error] OpenSSL: error:1406B458:SSL routines:GET_CLIENT_MASTER_KEY:key arg too long

Yes, this is the reaction of a machine which has been patched.

-- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898

Reply to:

References:
- bugtraq.c httpd apache ssl attack
  - From: Phillip Hofmeister <plhofmei@zionlth.org>

Prev by Date: Re: Fwd: bugtraq.c httpd apache ssl attack
Next by Date: OpenSSL and Potato a request for clarificiation
Previous by thread: Re: bugtraq.c httpd apache ssl attack
Next by thread: question from a newbie regarding possible trojan
Index(es):
- Date
- Thread