Apache/mod_ssl Worm
What is this ? In the Apache Log appear the next error: mod_ssl: SSL handshake failed (server lapi.hn.org:443, client xxx.xxx.xxx.xxx) (OpenSSL library error follows) OpenSSL: error:1406B458:lib(20):func(107):reason(1112) I have SuSE 8.0 whith: mod_ssl-2.8.7-105 openssl-0.9.6c-80 Apache/1.3.23 (Unix) Any suggestion?
Raul Horacio Lapitzondo wrote:
What is this ?
In the Apache Log appear the next error:
mod_ssl: SSL handshake failed (server lapi.hn.org:443, client xxx.xxx.xxx.xxx) (OpenSSL library error follows)
OpenSSL: error:1406B458:lib(20):func(107):reason(1112)
there must be one or two lines more afaik .. at least if your server is patched which is maybe not. Thats the latest exploit for OpenSSL (mod_ssl) which affects all versions of openssl until 0.9.6e (or g which is a cleaner patch) or patched versions of SuSE's RPM. If you did an online update lately you should be safe, if not, do it! There's a working exploit for that bug out there and a 'worm' is in the wild which uses this bug to spread ...
I have SuSE 8.0 whith: mod_ssl-2.8.7-105 openssl-0.9.6c-80 Apache/1.3.23 (Unix)
Any suggestion?
update your rpm's if you didn't already! HTH
Sorry but not exist RPM with this patch. only .tar.gz
The last version RPM is openssl-0.9.6c-80
El día Wed, 02 Oct 2002 01:47:18 +0200
"Sven 'Darkman' Michels"
Raul Horacio Lapitzondo wrote:
What is this ?
In the Apache Log appear the next error:
mod_ssl: SSL handshake failed (server lapi.hn.org:443, client xxx.xxx.xxx.xxx) (OpenSSL library error follows)
OpenSSL: error:1406B458:lib(20):func(107):reason(1112)
there must be one or two lines more afaik .. at least if your server is patched which is maybe not. Thats the latest exploit for OpenSSL (mod_ssl) which affects all versions of openssl until 0.9.6e (or g which is a cleaner patch) or patched versions of SuSE's RPM. If you did an online update lately you should be safe, if not, do it! There's a working exploit for that bug out there and a 'worm' is in the wild which uses this bug to spread ...
I have SuSE 8.0 whith: mod_ssl-2.8.7-105 openssl-0.9.6c-80 Apache/1.3.23 (Unix)
Any suggestion?
update your rpm's if you didn't already!
HTH
On Tue, Oct 01, 2002 at 10:22:09PM -0300, Raul Horacio Lapitzondo wrote:
Sorry but not exist RPM with this patch. only .tar.gz The last version RPM is openssl-0.9.6c-80
if the latest rpm on suse update is the -80 then you're safe :) So the message in your logfile just show you that someone try to exploit the hole. regards Sven
participants (3)
-
Raul Horacio Lapitzondo -
Sven 'Darkman' Michels -
Sven Michels