23 Sep
2002
23 Sep
'02
06:02
Hi all,
does the last openSSL fix the slapper.B worm ?
---quoting ISS security advice---
Internet Security Systems Security Brief September 22, 2002
Propagation of "Slapper" OpenSSL/Apache Worm Variant
[...]
Both versions carry the same attack payload and attempt to exploit a previously disclosed vulnerability in the Secure Sockets Layer 2.0 (SSLv2) handshake process.
[...]
As both variants use the same attack, you should be safe if you follow the directions in http://www.suse.com/de/security/2002_027_openssl.html . Olaf Kirch sent out a clarification SA last week: http://www.suse.com/de/security/2002_033_openssl.html Thomas