Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Apache Worm

1 view
Skip to first unread message

Ace

unread,
Sep 24, 2002, 7:27:05 PM9/24/02
to
From http://www.ealaddin.com/csrt


eSafe''s CSRT experts would like to bring to your attention
that a new form of a malicious code may exploit a
vulnerability of Apache web servers installed on Linux
systems. The worm initiates a buffer overflow in the OpenSSL
module on those servers and if the attack is successful, the
worm inserts its own source code onto the attacked system.
After the code is inserted, it is compiled and executed. The
worm then opens a backdoor into the infected system which
allows hackers to access data and initiate attacks from the
infected machine.


This new threat has been inspected for a few days by us and
we are glad to inform our customers that there are several,
relatively simple methods of overcoming this threat:


* Update the SSL module used by the Apache server. The
latest patch is invulnerable to Slapper''s attacks.


* Systems with no access to the ''gcc'' compiler cannot be
infected by the Slapper worm. Therefore, one should not keep
the C compiler on the production web servers. Alternatively,
you may limit the access to the compiler to specific users.


* By blocking all unused ports, Slapper has no way of
accessing your system (- Slapper attempt to enter a system
by attacking port 2002). In case you are not using SSL, you
should also block port 443.


* If Slapper is already infecting your system, you may be
able to shut it down by closing its process. The process is
called ''.bugtraq''.

I hope this helps at least some people,and sorry for the cross-posting


--
Registered Linux User #272108
Give a man a fish...he eats for one day...Teach a man to fish he eats every
day!
Windows is a 32 bit shell for a 16 bit extension to an 8 bit Operating
System designed for a 4 bit microchip by a 2 bit company
which can't stand one bit of competition.

Michael Erskine

unread,
Sep 28, 2002, 1:54:36 AM9/28/02
to
Ace <a...@here.org.asm> wrote in message news:<up1t8m2...@corp.supernews.com>...

Perhaps but his sig is worth it's weight in gold.

-m-

Luke Vogel

unread,
Sep 28, 2002, 5:06:08 AM9/28/02
to

Hey Michael,

Long time no hear!

--
Regards
Luke
------
When I die, I want to die like my Grandmother who died peacefully
in her sleep. Not screaming like all the passengers in her car.
------
C.O.L.S FAQ - http://www.linuxsecurity.com/docs/colsfaq.html
------

0 new messages