Re: rlx blade server attacked

To: debian-security@lists.debian.org
Subject: Re: rlx blade server attacked
From: Tunggul A Siswoyo <swirl@undip.net>
Date: Sun, 22 Sep 2002 20:13:39 +0700
Message-id: <[🔎] 20020922131339.GA914@undip.net>
In-reply-to: <[🔎] 3D82324C.8000604@dylanic.de>
References: <[🔎] 3D8203DE.4090707@dylanic.de> <[🔎] 3D82185C.5010406@sopko.net> <[🔎] 3D82324C.8000604@dylanic.de>

On Fri, Sep 13, 2002 at 08:45:32PM +0200, Michael Renzmann wrote:
> Hi Jason.
> 
> Jason Sopko wrote:
> >The Apache worm you're infected with was posted on bugtraq earlier
> >today. It exploits mod_ssl and can be identified by doing a ps -ax |
> >grep bugtraq (it runs as the name .bugtraq). The source for it is here:
> >
> >http://dammit.lt/apache-worm/apache-worm.c
> 
> Thanks a lot for the fast reply. You are right, I can approve that this 
> is the worm that attacked the management blade. It started it's attack 
> somewhere around noon (local time) today. The management blade is 
> vulnerable to this attack as it is based on RedHat 7.3 (maybe it would 
> have been better if RLX had stick to Debian as they used before).
> 
> Thanks a lot for the help.
> 
> Bye, Mike
> 
Is debian woody vulnerable to this exploits?
AFAIK i didn't see any recent DSA (except DSA-135) mentioning this
hole.

#!tunggul

Reply to:

Follow-Ups:
- Re: rlx blade server attacked
  - From: Tunggul A Siswoyo <swirl@undip.net>

References:
- rlx blade server attacked
  - From: Michael Renzmann <mrenzmann@dylanic.de>
- Re: rlx blade server attacked
  - From: Jason Sopko <jason@sopko.net>
- Re: rlx blade server attacked
  - From: Michael Renzmann <mrenzmann@dylanic.de>

Prev by Date: Re: unssubscribe
Next by Date: Re: rlx blade server attacked
Previous by thread: Re: rlx blade server attacked
Next by thread: Re: rlx blade server attacked
Index(es):
- Date
- Thread