Apache/mod_ssl Worm

Dan Burcaw yellowdog-general@lists.terrasoftsolutions.com
Wed Sep 18 09:01:01 2002


YDL 2.2's openssl errata from early August resolves this anyway,
even if it isn't likely to cause problems on ppc.


> On Tue, Sep 17, 2002 at 05:51:32PM -0400, Rick Thomas wrote:
> > 
> > Is YDL 2.2 vulnerable to the Apache/mod_ssl Worm?
> 
> To quote CERT Advisory CA-2002-27 :
> http://www.cert.org/advisories/CA-2002-27.html
> 
> "Systems Affected
> 	Linux systems running Apache with mod_ssl accessing SSLv2-enabled 
> 	OpenSSL 0.9.6d or earlier on Intel x86 architectures "
> 
> This isn't to say that the worm can't or won't infect PPC distros; only
> that it is known to infect Intel archs.  It is possible, but in my opinion
> not very likely, that the worm will be mutated to scan for PPC installs.
> But why take that chance?  If you're running a production webserver, you
> should have the latest versions of critical software installed; especially
> the ones that have known security vulnerabilities.
> 
> I would also like to share a tip that I found in one of the discussions
> about this worm.  Since this worm depends on being able to compile, then
> launch itself from the /tmp directory, mount your /tmp partition with
> the "noexec" option.  For a better description than I could ever give:
> http://www.tldp.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap5sec45.html
> 
>
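
A way to verify the "noexec" tip quoted above, as an added example that is not part of the original thread: the functions read mount-table text in /proc/mounts format on stdin and report whether the filesystem that actually holds a directory carries noexec, including the case where /tmp is not its own partition and inherits the options of /. The function names, device names and sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example. Input format (one mount per line, as in /proc/mounts):
#   device mountpoint fstype options dump pass
# A constructed /etc/fstab entry that applies the tip would look like:
#   /dev/hda5  /tmp  ext3  defaults,nosuid,nodev,noexec  1 2

# mount_opts_for DIR: print the options of the mount that holds DIR.
# The longest matching mount point wins; on a tie the later line wins,
# because a later mount on the same point shadows the earlier one.
mount_opts_for() {
    awk -v dir="$1" '
        {
            mp = $2
            # mp covers dir if it is "/", is dir itself, or is a parent of dir
            if (mp == "/" || mp == dir || index(dir, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }
    '
}

# is_noexec DIR: exit 0 if the mount holding DIR has the noexec option.
is_noexec() {
    case ",$(mount_opts_for "$1")," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Constructed sample mount tables (not taken from any real host).
SAMPLE_HARDENED='/dev/hda3 / ext3 rw 0 0
/dev/hda5 /tmp ext3 rw,nosuid,nodev,noexec 0 0'
SAMPLE_DEFAULT='/dev/hda3 / ext3 rw 0 0
/dev/hda6 /home ext3 rw 0 0'

for sample in "$SAMPLE_HARDENED" "$SAMPLE_DEFAULT"; do
    if printf '%s\n' "$sample" | is_noexec /tmp; then
        echo "/tmp: noexec is set"
    else
        echo "/tmp: noexec NOT set (options: $(printf '%s\n' "$sample" | mount_opts_for /tmp))"
    fi
done
```

On a live Linux host the same check is `is_noexec /tmp < /proc/mounts`.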