Apache/mod_ssl Worm

Ken Schweigert yellowdog-general@lists.terrasoftsolutions.com
Wed Sep 18 08:50:01 2002


On Tue, Sep 17, 2002 at 05:51:32PM -0400, Rick Thomas wrote:
> 
> Is YDL 2.2 vulnerable to the Apache/mod_ssl Worm?

To quote CERT Advisory CA-2002-27:
http://www.cert.org/advisories/CA-2002-27.html

"Systems Affected
	Linux systems running Apache with mod_ssl accessing SSLv2-enabled 
	OpenSSL 0.9.6d or earlier on Intel x86 architectures "

This isn't to say that the worm can't or won't infect PPC distros; only
that it is known to infect Intel archs.  It is possible, but in my opinion
not very likely, that the worm will be mutated to scan for PPC installs.
But why take that chance?  If you're running a production webserver, you
should have the latest versions of critical software installed; especially
the ones that have known security vulnerabilities.

I would also like to share a tip that I found in one of the discussions
about this worm.  Since this worm depends on being able to compile, then
launch itself from the /tmp directory, mount your /tmp partition with
the "noexec" option.  For a better description than I could ever give:
http://www.tldp.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap5sec45.html

-- 
-Ken Schweigert, Padawan Network Administrator
Byte Productions, LLC
http://www.byte-productions.com
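
Added example, not part of the original message: a shell check that reads a mount table in /proc/mounts format and reports whether the filesystem holding /tmp carries the "noexec" option suggested above, including the case where /tmp is not a separate partition. The function names and the sample mount tables are constructed for illustration.

```shell
#!/bin/sh
# Input format (as in /proc/mounts): device mountpoint fstype options dump pass

# Constructed sample mount table (not from a real host).
SAMPLE_MOUNTS='/dev/hda3 / ext3 rw 0 0
proc /proc proc rw 0 0
/dev/hda5 /var ext3 rw,nosuid 0 0
/dev/hda6 /tmp ext3 rw,noexec,nosuid,nodev 0 0'

# Constructed table without a separate /tmp partition, so /tmp lives on /.
SAMPLE_NO_TMP='/dev/hda3 / ext3 rw 0 0
/dev/hda5 /var ext3 rw,nosuid 0 0'

# mount_opts DIR: read a mount table on stdin and print the options of the
# mount that covers DIR (longest matching mount point; the last entry wins
# ties, because a later mount on the same point hides the earlier one).
mount_opts() {
    awk -v dir="$1" '
        BEGIN { best = 0 }
        {
            mp = $2
            covers = (mp == "/" || dir == mp || index(dir, mp "/") == 1)
            if (covers && length(mp) >= best) { best = length(mp); opts = $4 }
        }
        END { print opts }'
}

# is_noexec DIR: exit 0 if the mount covering DIR carries the noexec option.
is_noexec() {
    case ",$(mount_opts "$1")," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# check_tmp: print a one-line verdict for /tmp from a mount table on stdin.
check_tmp() {
    if is_noexec /tmp; then
        echo "OK: /tmp is noexec"
    else
        echo "WARN: /tmp allows execution"
    fi
}

# On a live Linux host: check_tmp < /proc/mounts
```

A "WARN" result on a host with no separate /tmp partition means the option has to be applied to a dedicated /tmp mount, since setting noexec on / would break the system. The option restricts execution from that mount only and does not replace upgrading the vulnerable software.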