Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
Re: [suse-security] Slapper worm type B
  • From: Thomas Lamy <Thomas.Lamy@xxxxxxxxxx>
  • Date: Mon, 23 Sep 2002 08:02:43 +0200
  • Message-id: <656F04F343FC25409463829A15B5FDDC08AF6F@xxxxxxxxxxxxxxxxxxxxx>

> Hi all,
>
> does the last openSSL fix the slapper.B worm ?
>
> ---quoting ISS security advice---
>
> Internet Security Systems Security Brief
> September 22, 2002
>
> Propagation of "Slapper" OpenSSL/Apache Worm Variant
>
> [...]
>
> Both versions carry the
> same attack
> payload and attempt to exploit a previously disclosed
> vulnerability in the
> Secure Sockets Layer 2.0 (SSLv2) handshake process.
>
> [...]
>
As both variants use the same attack, you should be safe if you follow the
directions in http://www.suse.com/de/security/2002_027_openssl.html . Olaf
Kirch sent out a clarification SA last week:
http://www.suse.com/de/security/2002_033_openssl.html

Thomas

< Previous Next >
This Thread
  • No further messages