The Symantec site has this additional info posted on Sept. 13, 2002:
Linux.Slapper.Worm uses an OpenSSL buffer overflow exploit
to run a shell on a remote system. The worm targets
vulnerable installations of the Apache Web server on
Linux operating systems which includes versions of SuSe,
Mandrake, RedHat, Slackware and Debian. The worm also
contains code for a Distributed Denial of Service attack.
At this time over 3500 computers have been observed
performing this activity, according to Symantec
DeepSight Threat Management System data. This includes
computers located in Portugal and Romania, where initial
reports of the worm originated.
(see link above for further details...)
4 posted on 09/17/2002 10:23:42 AM PDT by ricer1
To: ricer1
This SSL buffer overflow exploit has been known and patches have already been given to correct the problem. Any sysadmins who would still get it on systems under their care are asleep at the wheel.
9 posted on 09/17/2002 10:27:50 AM PDT by rdb3
To: ricer1
So can you avoid this worm by running your SSL and Apache services using an account with no privileges, instead of using root?
I suspect many of these infected machines are run by dumba$$es who don't even know they're running a webserver, and have no idea how to configure a secure box.
To: ricer1
Buffer overflows were known about and avoided since before PL1. Anyone still writing code susceptible to such an error should be guilty of criminal negligence. These problems were solved more than 40 years ago. It seems that modern programmers just repeat: the mistakes of the past, repeat.