Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
RE: [suse-security] Linux/Slapper.worm
The answer is a simple YES.

By the way, there is no guessing about it. The note in
advisory CA-2002-27 includes the statement:
The Apache/mod_ssl worm is self-propagating malicious
code that exploits the OpenSSL vulnerability described in
VU#102795. This vulnerability was the among the topics
discussed in CA-2002-23 Multiple Vulnerabilities In OpenSSL.

The SuSE announcement for SSL says it fixes the bug in
CA-2002-23.

Therefore, these are the correct patches and THERE IS NO
GUESSING about it.

Sorry, but these email were really dragging out for no
good reason if the announcements were properly read.

Jim
> Miguel Albuquerque wrote:
> > Slapper is using an OpenSSL mod_ssl exploit reported and patched at
> > http://www.openssl.org/news/secadv_20020730.txt.
> >
> > The security update openssl release 20020812 by SuSE fixes the
> > problem? Thanx
>
> Olaf replied:
> > It does.
> >
> > Olaf
>
> I want to be absolutely sure I know what I'm doing here.
>
> The only recent ssl-related advisories I see in the SuSE archive are
> these:
>
> July 30:
> http://lists2.suse.com/archive/suse-security-announce/2002-Jul/0003.html
> July 31:
> http://lists2.suse.com/archive/suse-security-announce/2002-Jul/0004.html
>
> The July 30 advisory provides links to openssl rpms that appear, based
> on the names, to range from 0.9.5a to 9.9.6e, depending on which level
> of SuSE you are on. The CERT advisory says you need 0.9.6e or newer.
> Now I know SuSE often patches old versions to simplify dependency
> implications. But I don't want to make a bad assumption here. So I am
> looking for definitive information:
>
> The CERT advisory for slapper:
>
> http://www.cert.org/advisories/CA-2002-27.html
>
> says that slapper exploits vulnerability VU#102795:
>
> http://www.kb.cert.org/vuls/id/102795
>
> which labels this vulnerability as CERT Advisory CA-2002-23, and CVE
> Name CAN-2002-0656. This matches one of the cross-referenced
> vulnerabilities on the SuSE July 30 advisory:
>
>
> http://lists2.suse.com/archive/suse-security-announce/2002-Jul/0003.html
>
> Based on this, my guess (I hate having to guess about this!) is that all
> of the rpm's linked in the July 30 advisory have been patched by SuSE
> and contain the fix needed to overcome the vulnerability (VU#102795)
> exploited by slapper, despite the confusing names of those openssl
> versions. Therefore, applying the listed rpm designated for my version
> of SuSE will protect me from the slapper worm. Is this correct?
>
> Many thanks for your excellent work in fixing these things.
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>

< Previous Next >
Follow Ups