One thing that's not fully discussed in some of the notices on this: If you have openssl-0.9.6e as the basis of Apache-mod_ssl your system cannot be compromised BUT it looks to me (from a couple of experiences) like the worm can still end up working as a DoS attack on you, since 0.9.6e doesn't always handle the error caused by the worm properly, but can crash the process. This seems to result (on a couple of systems I have where Apache is initialized via "apachectl startssl") in Apache restarting - but without SSL service, so the secure side of your sites is down without notice. openssl-0.9.6g handles the error correctly, and should not have this problem.
Note this is my best suspicion. I don't have firm evidence - it could just be coincidence that the only time I've seen this happen is since the worm is out. The logs are inconclusive.

Whit

On Fri, Sep 13, 2002 at 11:23:16AM -0600, Hal Flynn wrote:
> For those of you not aware, there has been a report of an OpenSSL worm in
> the wild. Discussion is on Bugtraq currently.
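The failure mode described above (Apache comes back after a crash, but the SSL side is silently gone) is easy to miss without an explicit check. The following is an added example, not code from the original post: two small POSIX sh functions that an operator could run after every restart, one that confirms a port-443 LISTEN socket is present in netstat/ss-style output, and one that confirms the `openssl version` string is 0.9.6g or later. The listener table and version strings below are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original post). Both checks take their input
# as text so they can be exercised offline; in production you would feed
# them "$(netstat -tln)" (or "$(ss -tln)") and "$(openssl version)".

# Returns 0 if some socket is LISTENing on port 443 in the given table.
# Matches both "0.0.0.0:443 ... LISTEN" (Linux netstat) and
# "LISTEN ... 0.0.0.0:443" (ss) layouts, and the BSD "*.443" form.
ssl_listener_up() {
    printf '%s\n' "$1" |
        grep -E '[:.]443[[:space:]].*LISTEN|LISTEN.*[:.]443[[:space:]]' >/dev/null
}

# Returns 0 if the "openssl version" line reports 0.9.6g or newer.
# 0.9.x version strings sort correctly bytewise (0.9.6e < 0.9.6g < 0.9.7),
# so a plain C-locale sort against the fixed version is enough here.
openssl_fixed() {
    v=$(printf '%s\n' "$1" | awk '{ print $2 }')
    lowest=$(printf '%s\n%s\n' "$v" "0.9.6g" | LC_ALL=C sort | head -n 1)
    [ "$lowest" = "0.9.6g" ]
}

# Combined post-restart check: returns 0 only if SSL is actually being
# served AND the OpenSSL build is at the version the post says handles
# the malformed request cleanly. Prints the reason on failure.
post_restart_check() {
    rc=0
    if ! ssl_listener_up "$1"; then
        echo "WARNING: Apache is up but nothing is listening on :443"
        rc=1
    fi
    if ! openssl_fixed "$2"; then
        echo "WARNING: OpenSSL older than 0.9.6g ($2); crash-on-error expected"
        rc=1
    fi
    return $rc
}

# Constructed sample run, mirroring the situation described in the post:
# plain HTTP came back after "apachectl startssl", HTTPS did not.
SAMPLE_TABLE="Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN"
post_restart_check "$SAMPLE_TABLE" "OpenSSL 0.9.6e 30 Jul 2002" || true
```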