Greg Brown [[EMAIL PROTECTED]] wrote: > Looking at the release date I'd say that it's fairly impossible that > this is going to fix any bugs discovered after August, 01, 2002. > Correct? > > So my website is still down (not a big deal, really) but I would like > to get it back up and running sometime..
I'm not sure if the replies from other folks were clear, or not, but this worm (much like CodeRed and Nimda) is not exploiting a -new- vulnerability. They are exploiting an old vulnerability that was announced in the July time frame. First, see CERT's post on the worm: http://www.cert.org/advisories/CA-2002-27.html Within that, they link to their earlier message on the actual vuln: http://www.cert.org/advisories/CA-2002-23.html In the vendor response section of that second page, you see RedHat's reponse: http://rhn.redhat.com/errata/RHSA-2002-155.html Make sure the RPMs you have installed match the recommended RPMs from RedHat's page, and you're fine. It's not so much that you need any new patch to defend against this worm, you need the patch that fixes the vulnerability that the worm exploits, for which updates were released in late July. Hope that clears things up a bit. Mike -- "Let the power of Ponch compel you! Let the power of Ponch compel you!" -- Zorak on Space Ghost GNUPG Key fingerprint = ACD2 2F2F C151 FB35 B3AF C821 89C4 DF9A 5DDD 95D1 GNUPG Key = http://www.enoch.org/mike/mike.pubkey.asc
msg03993/pgp00000.pgp
Description: PGP signature
