that's a coincidence...
just today when i checked the apache server-status page i noticed that some host was scanning several sites randomly trying to find an xmlrpc.php in different apparently predefined locations.

i was aware of the xmlrpc bug in pear and already checked if it was on my server but it wasn't...

to make sure i immediately ran a locate and find again and nothing came up...
also blocked the source ip and since then everything is quiet again.

so i guess this so called slapper is still very active.




From: Mike McCarty <[EMAIL PROTECTED]>
Reply-To: Discussion of the Fedora Legacy Project <fedora-legacy-list@redhat.com>
To: Discussion of the Fedora Legacy Project <fedora-legacy-list@redhat.com>
Subject: Re: slapper worm
Date: Tue, 24 Jan 2006 13:08:52 -0600

James Kosin wrote:
Jesse Keating wrote:

On Mon, 2006-01-23 at 17:11 -0500, James Kosin wrote:

My version takes care of the mod_ssl issue he already disabled.  FC1
doesn't have a fix or if so it hasn't gone through QA yet.

Do you have a CVE for the ssl issue?  I'd like to see if it is somewhere
in the QA pipeline.



------------------------------------------------------------------------

Jesse,

Just checked this morning.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175406

But, I think we may need to do something proactively...  I'm seeing
many postings either not knowing about this worm or not knowing if they
are protected or how vulnerable they may be.

[snip]

I'm a little shocked at this, frankly. I Googled around, and
found mentions of the Slapper going back to 2002. Why is it that
this exploit (and variations of it) haven't all been stamped
out years ago?

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!

--
fedora-legacy-list mailing list
fedora-legacy-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
