Re: [d-security] woody apache/ssl - security issue?

To: Tycho Fruru <tycho@fruru.com>
Cc: Christian Hammers <ch@debian.org>, Jeff Armstrong <jaa.debian@aquabolt.com>, debian-security@lists.debian.org
Subject: Re: [d-security] woody apache/ssl - security issue?
From: Christian Hammers <ch@westend.com>
Date: Wed, 25 Sep 2002 15:35:10 +0200
Message-id: <[🔎] 20020925133510.GA3652@westend.com>
Mail-followup-to: Christian Hammers <ch@westend.com>, Tycho Fruru <tycho@fruru.com>, Christian Hammers <ch@debian.org>, Jeff Armstrong <jaa.debian@aquabolt.com>, debian-security@lists.debian.org
In-reply-to: <[🔎] 1032959882.19136.42.camel@kungfoo.conostix.com>
References: <[🔎] 20020902110756.GA19459@dat.etsit.upm.es> <[🔎] 003d01c26493$f9d8f2b0$3864a8c0@comice> <[🔎] 20020925131334.GG16100@westend.com> <[🔎] 1032959882.19136.42.camel@kungfoo.conostix.com>

On Wed, Sep 25, 2002 at 03:18:02PM +0200, Tycho Fruru wrote:
> > The logfile entries you've shown are absolutely harmless, I use exactly
> > the same strings for testing if a webserver responses.
> hmm. To me they don't seem harmless.  Looks more like you've been
> visited by a slapper worm (which leaves the same trails in your
> logfiles)
The messages itself are absolutely harmless. Whatever brought down your
server did it at least not by using just these queries. They can be used 
by a worm though - to quickly check which server version is displayed.
To check if the server is vulnerable to the slapper worm (i.e. the recent 
OpenSSL vulnerability), visit:
http://CERT.Uni-Stuttgart.DE/advisories/openssl-sslv2-master/

bye,

-christan-

Reply to:

References:
- New release of the "Securing Debian Manual" (2.5)
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- woody apache/ssl - security issue?
  - From: "Jeff Armstrong" <jaa.debian@aquabolt.com>
- Re: [d-security] woody apache/ssl - security issue?
  - From: Christian Hammers <ch@debian.org>
- Re: [d-security] woody apache/ssl - security issue?
  - From: Tycho Fruru <tycho@fruru.com>

Prev by Date: unsubscribe
Next by Date: RE: [d-security] woody apache/ssl - security issue?
Previous by thread: Re: [d-security] woody apache/ssl - security issue?
Next by thread: RE: [d-security] woody apache/ssl - security issue?
Index(es):
- Date
- Thread