Mailinglist Archive: opensuse-security (375 mails)

Re: [suse-security] Linux/Slapper.worm
  • From: "Joachim Hummel" <joachim.hummel@xxxxxxxxxxxxx>
  • Date: Wed, 18 Sep 2002 14:54:12 +0200 (MEST)
  • Message-id: <1578.>

Peter Wiersig wrote:
> Joachim Hummel wrote:
>> I can find only mod_ssl from 30 July 2002 for SuSE 8.0, e.g., and after
>> installing I also have a vulnerable version of mod_ssl!
> Who says this? The flaw is in the package openssl. What mod_ssl
> vulnerability are you talking about?

Copy from
The OpenSSL server vulnerability exploit exists on a wide variety of
platforms, but Slapper appears to work only on Linux systems running
Apache with the OpenSSL module (mod_ssl) on Intel architectures.

Mod_SSL or OpenSSL? I don't understand this??
OpenSSL is a standalone application!
SSL with Apache works only with file /usr/lib/apache/
Apache doesn't work with /usr/sbin/openssl is included in mod_ssl.rpm package!
I can't find any ssl version of 0.9.6.e or 0.9.6.g
this is recommended of

I compiled a new OpenSSL; after restart Apache works again with
the old vulnerable version of openssl.

>> Isn't SuSE Support interested in this OpenSSL vulnerability?
> They care and they have already packaged updates.
NO.. !!
This is an older version than the recommended version of 0.9.6.e
>> I can't find any information about this vulnerability on the SuSE Support
>> site.

This says nothing!
>> I have SuSE 7.3 and 8.0 (native with Apache and SSL... what must I do
>> now SuSE (Step by Step) ?????
> Yast2 -> Software -> Online Update
> Automatic Update -> Next
I did this .... Installed vulnerable version 0.9.6.c
This helps very well !!!

Copy of !
The vulnerability exploited by the Slapper (Apache/mod_ssl) worm was fixed
beginning with OpenSSL version 0.9.6e. Administrators may want to upgrade
to the latest version as of this writing the latest version of OpenSSL is

Kind regards
Joachim Hummel
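
Added example, not part of the original message or of any SuSE or OpenSSL tooling: the version question in this thread, worked as a check that reads the OpenSSL version from either `openssl version` output or the `OpenSSL/x.y.z` token that mod_ssl adds to the Apache Server banner, and compares it with 0.9.6e, the first fixed release named in the quoted advisory. The sample strings are constructed, and the function names are hypothetical.

```python
import re

FIXED = "0.9.6e"  # first fixed upstream release, per the advisory quoted above

# Matches "OpenSSL 0.9.6c 21 dec 2001" (`openssl version` output) and the
# "OpenSSL/0.9.6c" token in an Apache Server banner. The lookahead rejects
# pre-release tags such as "0.9.7-beta3", which cannot be ordered reliably.
_VERSION_RE = re.compile(r"OpenSSL[ /](\d+)\.(\d+)\.(\d+)([a-z]*)(?![\w.-])")


def parse_version(text):
    """Return (major, minor, fix, letters) or None if no usable version."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4)


def _sort_key(version):
    major, minor, fix, letters = version
    # Patch letters order as "" < a < ... < z < za < zb: length first.
    return major, minor, fix, len(letters), letters


def at_or_after_fix(text, fixed=FIXED):
    """True/False by upstream version string; None when undecidable.

    False is not proof of exposure: a vendor package can carry a backported
    fix under an older upstream version string, so confirm against the
    vendor advisory or package changelog.
    """
    version = parse_version(text)
    if version is None:
        return None
    return _sort_key(version) >= _sort_key(parse_version("OpenSSL " + fixed))


# Constructed sample inputs (not taken from the thread).
SAMPLES = [
    "OpenSSL 0.9.6c 21 dec 2001",
    "Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6e",
    "OpenSSL 0.9.6g 9 Aug 2002",
    "OpenSSL 0.9.7-beta3",
    "Apache/1.3.26 (Unix)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{at_or_after_fix(line)!s:5}  {line}")
```

The banner form shows why both names appear in the advisory: mod_ssl is the Apache module, and the OpenSSL version it reports is the library it is using.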
