Linux Today: Linux News On Internet Time.





Symantec/LinuxSecurity.com: Apache Advisory: OpenSSL

Sep 14, 2002, 01:37 (11 Talkback[s])
(Other stories by Eric Lubow)

Symantec: Linux.Slapper.Worm

"Linux.Slapper.Worm uses an OpenSSL buffer overflow exploit to run a shell on a remote system. The worm targets vulnerable installations of the Apache Web server on Linux operating systems, which include versions of SuSE, Mandrake, RedHat, Slackware and Debian. The worm also contains code for a Distributed Denial of Service attack.

"At this time over 350 computers have been observed performing this activity, according to Symantec DeepSight Threat Management System data. This includes computers located in Portugal and Romania, where initial reports of the worm originated..."

Complete Advisory

LinuxSecurity.com: OpenSSL Worm Loose in the Wild

"There have been credible reports that a worm propagating in the wild is breaking into servers running vulnerable versions of OpenSSL. Last month, several critical security issues, including a client-exploitable remote buffer overflow in the SSLv2 handshake process, were discovered in all OpenSSL versions prior to 0.9.6e. The worm appears to exploit this hole, although little else is known: it communicates with peers over UDP port 2002, and may have distributed denial of service capabilities. Statistics from the Internet Storm Center indicate a noticeable spike in port 2002 activity over the past few days, though reported intrusions have been mostly isolated to Europe thus far.

"The worm seems to pick its targets by server banners; for Apache, you can set the ServerTokens option to 'ProductOnly' to keep it from reporting its operating system and version information..."

Complete Story (with CERT Advisory)
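
The banner advice and the "prior to 0.9.6e" cutoff quoted above can be turned into an audit of your own servers' `Server` headers. The following is an added example, not code from either advisory; the function names, finding labels and sample banners are constructed for illustration.

```python
import re

# First fixed release named in the advisory: versions prior to 0.9.6e are affected.
FIXED = (0, 9, 6, "e")
_OPENSSL = re.compile(r"OpenSSL/(\d+)\.(\d+)\.(\d+)([a-z]*)")

def parse_openssl(banner):
    """Return (major, minor, patch, letter) from a Server banner, or None."""
    m = _OPENSSL.search(banner)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))

def audit_banner(banner):
    """List what one Server header value (from your own inventory) gives away."""
    findings = []
    version = parse_openssl(banner)
    if version is not None:
        findings.append("discloses-openssl-version")
        # Tuple comparison: numbers first, then the letter suffix
        # ("" < "a" < ... < "e"), which matches 0.9.6 release ordering.
        if version < FIXED:
            findings.append("openssl-prior-to-0.9.6e")
    if re.search(r"\([^)]+\)", banner):       # e.g. "(Unix)" platform token
        findings.append("discloses-os")
    if re.search(r"Apache/\d", banner):
        findings.append("discloses-apache-version")
    return findings

# Constructed sample banners (hostnames are placeholders).
SAMPLES = {
    "web1.example": "Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6b",
    "web2.example": "Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6e",
    "web3.example": "Apache",  # what ServerTokens ProductOnly produces
}

if __name__ == "__main__":
    for host, banner in SAMPLES.items():
        print(host, audit_banner(banner) or ["nothing disclosed"])
```

An empty result only means the banner is quiet: `ServerTokens` hides the version without patching it, and vendors may backport fixes without changing the version string, so confirm the installed OpenSSL package separately.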