Re: Fwd: bugtraq.c httpd apache ssl attack

[Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>]

"Noah L. Meyerhans" <noahm@debian.org> writes:

> On Sat, Sep 14, 2002 at 08:05:53PM +0200, Guille -bisho- wrote:
>> I don't know if in the c-2 the worm works partially or fully. Anybody knows?
>> It seems that the worm does not fully works on debian.
>
> The exploit code in the newest worm has been tested against
> 0.9.6c-2.woody.0.  It was not sucessful.

If you want to do your own tests (without fooling around with the
worm), you can use our tool:

http://cert.uni-stuttgart.de/advisories/openssl-sslv2-master.php

-- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898