Josh, I believe the virus only affects systems pre-0.9.6e: http://www.openssl.org/news/secadv_20020730.txt.
Thanks, Christian ----------------- Christian Gilmore Technology Leader GeT WW Global Applications Development IBM Software Group > -----Original Message----- > From: Josh Chamas [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, September 17, 2002 2:43 PM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: Linux + Apache Worm exploiting pre 0.9.6g OpenSSL > vulnerabilities on the loose > > > Hey, > > There seems to be a worm spreading for Apache + Linux + OpenSSL > servers that I saw a discussion on at > > http://apache.slashdot.org/apache/02/09/13/2315246.shtml?tid=172 > > Seems like we need to upgrade our apache servers to OpenSSL 0.9.6g > if we haven't already. I didn't see this posted to mod_perl > yet, forgive me if this has been sent out already. > > Based on discussion at: > > http://online.securityfocus.com/bid/5363/discussion/ > > it seems that we might need to upgrade modssl as well, > but I have not seen a release of modssl since June > ( see http://www.modssl.org/news/ ), so this seems to > not be necessary, but do not take my word for it, upgrade > if you think its a good idea ( probably is anyway ). > > Regards, > > Josh > ________________________________________________________________ > Josh Chamas, Founder phone:925-552-0128 > Chamas Enterprises Inc. http://www.chamas.com > NodeWorks Link Checking http://www.nodeworks.com >