Mailinglist Archive: opensuse-security (375 mails)

Re: [suse-security] Linux/Slapper.worm
  • From: Olaf Kirch <okir@xxxxxxx>
  • Date: Wed, 18 Sep 2002 15:15:48 +0200
  • Message-id: <20020918151548.A28898@xxxxxxx>
On Wed, Sep 18, 2002 at 02:54:12PM +0200, Joachim Hummel wrote:
> Copy from SecurityFocus.com:
> The OpenSSL server vulnerability exploit exists on a wide variety of
> platforms, but Slapper appears to work only on Linux systems running
> Apache with the OpenSSL module (mod_ssl) on Intel architectures.

It's easy, if you look at how things work:

- apache uses mod_ssl
- mod_ssl uses OpenSSL
- OpenSSL has a buffer overflow

So yes, everyone is talking about the "Apache/mod_ssl" worm because
that's how it propagates. But the vulnerability is at a layer below
that; any other service using OpenSSL's SSL implementation could probably
be used to propagate the worm as well (anybody out there running webmin?)

So: You upgrade OpenSSL, the buffer overflow is gone, everyone is happy.

Olaf
--
Olaf Kirch | Anyone who has had to work with X.509 has probably
okir@xxxxxxx | experienced what can best be described as
---------------+ ISO water torture. -- Peter Gutmann
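
Added example, not part of the original message: because the flaw sits in the shared OpenSSL library rather than in Apache, a defender can look for every process that maps libssl and for those still running a copy that was replaced on disk. The sample data, process labels and function names below are constructed for illustration; the code assumes a Linux `/proc` layout.

```python
import os
import re

# libssl holds OpenSSL's SSL/TLS implementation; matches e.g. libssl.so.0.9.6
LIBSSL = re.compile(r"/libssl\.so[^/\s]*$")
DELETED = " (deleted)"

def libssl_mappings(maps_text):
    """Map each libssl path in one /proc/<pid>/maps text to a 'stale' flag.
    Stale means the kernel tagged the file "(deleted)": it was replaced on
    disk, but this process still executes the old copy."""
    found = {}
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        path = fields[5].strip()
        stale = path.endswith(DELETED)
        if stale:
            path = path[:-len(DELETED)]
        if LIBSSL.search(path):
            found[path] = found.get(path, False) or stale
    return found

def scan(maps_by_proc):
    """{label: maps text} -> {label: mappings} for processes using libssl."""
    hits = {p: libssl_mappings(t) for p, t in maps_by_proc.items()}
    return {p: libs for p, libs in hits.items() if libs}

def read_live_proc(root="/proc"):
    """Read comm and maps for every process we are allowed to inspect."""
    out = {}
    for pid in filter(str.isdigit, os.listdir(root)):
        try:
            with open(f"{root}/{pid}/comm") as c, open(f"{root}/{pid}/maps") as m:
                out[f"{c.read().strip()}[{pid}]"] = m.read()
        except OSError:
            continue  # process exited or access denied
    return out

# Constructed sample (not captured from a real host).
SAMPLE = {
    "httpd[412]": "40017000-40045000 r-xp 00000000 03:02 8101 /usr/lib/libssl.so.0.9.6 (deleted)\n"
                  "bfffe000-c0000000 rwxp 00000000 00:00 0\n",
    "perl[731]": "40020000-4004e000 r-xp 00000000 03:02 9377 /usr/lib/libssl.so.0.9.6\n",
    "sshd[300]": "40030000-400f0000 r-xp 00000000 03:02 8102 /usr/lib/libcrypto.so.0.9.6\n",
}

if __name__ == "__main__":
    maps = read_live_proc() if os.path.isdir("/proc/self") else SAMPLE
    for proc, libs in sorted(scan(maps).items()):
        for path, stale in libs.items():
            print(proc, path, "STALE: restart needed" if stale else "file still on disk")
```

A process flagged as stale keeps executing the old library until it is restarted, and a binary that links OpenSSL statically does not show up in this listing at all.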
