We have become aware of a worm, labelled the Linux.Slapper.Worm, that exploits a vulnerability in older versions of the OpenSSL library. This worm is also known by various other names including Linux.Slapper-A, Linux.Slapper-Worm, Apache/mod_ssl Worm, and Slapper.source. Additionally, worms by the names of Linux.Devnull, Unlock, and Cinik have been spotted. All these worms attempt to exploit the same vulnerability in OpenSSL.

Versions of the worm found so far attempt to exploit Apache servers on Linux running a version of OpenSSL that contains the OpenSSL SSLv2 Malformed Client Key Remote Buffer Overflow bug (given CVE name CAN-2002-0656). The worm then spreads to find other vulnerable hosts, building up a peer-to-peer network of hosts which can then be further exploited or used in large-scale distributed denial of service attacks.

Versions of OpenSSL that are not vulnerable to this issue have been available from Red Hat since 29th July 2002. Customers who have kept their systems up to date are not impacted by this worm. If you have not updated your system, we recommend you update the vulnerable packages immediately, and reboot to ensure that all affected services are restarted.

Solution:

The Red Hat Network

Red Hat customers that subscribe to Red Hat Network received a fix for the exploit used by this worm shortly after the vulnerabilities were discovered. Check that your systems are up to date using the 'up2date' tool.

Manually Updating Your System

To update your system manually, please follow the links below for the needed updates. Because both client and server applications are affected by these vulnerabilities, we advise users to reboot their systems after installing these updates.

Red Hat Linux 6.2, 7, 7.1, 7.2, 7.3
http://rhn.redhat.com/errata/RHSA-2002-160.html

Red Hat Linux 8.0
This release shipped with a version of OpenSSL that contains a backported security fix and is therefore not vulnerable to this issue.

Red Hat Advanced Server 2.1AS
http://rhn.redhat.com/errata/RHSA-2002-161.html

Stronghold
Although Stronghold is not directly targeted by this worm, it is vulnerable to the same OpenSSL issues and therefore could be exploited by a modified version of the worm in the future.

Stronghold 3 (all platforms):
http://rhn.redhat.com/errata/RHSA-2002-164.html

Stronghold 4 (For Red Hat Linux Advanced Server) is not affected directly as it relies on the Advanced Server OpenSSL libraries. See
http://rhn.redhat.com/errata/RHSA-2002-161.html

Stronghold 4 (other platforms):
http://rhn.redhat.com/errata/RHSA-2002-163.html

References:
http://securityresponse.symantec.com/avcenter/venc/data/linux.slapper.worm.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656
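The advisory twice asks for a reboot after the update because a long-running service such as httpd keeps the old libssl/libcrypto mapped in memory until it is restarted, so the package update alone does not close the hole in that process. The following added check (not part of the Red Hat advisory; function names, the sample maps lines and the library version string are constructed for illustration) scans /proc/*/maps on a Linux host for processes whose mapped OpenSSL libraries have been replaced on disk, which the kernel marks with "(deleted)".

```shell
#!/bin/sh
# Added example: find running processes that still execute the OLD OpenSSL
# shared libraries after the openssl package was upgraded. Such processes
# are exactly the ones the advisory's reboot advice is meant to restart.

# Read one process's /proc/PID/maps on stdin and print each mapped
# libssl/libcrypto path that has been replaced on disk ("(deleted)").
# maps format: address perms offset dev inode pathname [(deleted)]
stale_libs_from_maps() {
    grep -E 'lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)$' \
        | awk '{ print $6 }' | sort -u
}

# Walk every process on the host and print "PID command stale-library".
# Requires a Linux /proc; run as root to see other users' processes.
scan_running_processes() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        stale=$(stale_libs_from_maps < "$maps" 2>/dev/null) || continue
        [ -n "$stale" ] || continue
        comm=$(cat "/proc/$pid/comm" 2>/dev/null || echo '?')
        printf '%s %s %s\n' "$pid" "$comm" "$stale"
    done
}

# Constructed sample of a maps file (version string X.Y.Z is a placeholder):
# two stale OpenSSL mappings, one current one, one unrelated library.
SAMPLE_MAPS='40000000-40015000 r-xp 00000000 03:05 12345   /lib/ld-linux.so.2
40100000-40120000 r-xp 00000000 03:05 67890   /usr/lib/libssl.so.X.Y.Z (deleted)
40200000-40280000 r-xp 00000000 03:05 67891   /usr/lib/libcrypto.so.X.Y.Z (deleted)
40300000-40310000 r-xp 00000000 03:05 67999   /usr/lib/libssl.so.X.Y.Z'

# Demonstrate on the constructed sample, then on the live host.
printf '%s\n' "$SAMPLE_MAPS" | stale_libs_from_maps
scan_running_processes
```

An empty report from scan_running_processes after the update means no process is still running the replaced OpenSSL code; any line it prints names a service that must be restarted (or the host rebooted, as the advisory recommends).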
