Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
RE: [suse-security] Linux/Slapper.worm
  • From: "Alan Rouse" <ARouse@xxxxxxxx>
  • Date: Tue, 17 Sep 2002 16:38:43 -0400
  • Message-id: <382BC0C28F397F4785E7414B8279F5271B537B@xxxxxxxxxxxxxxxxxxxxxxx>
Miguel Albuquerque wrote:
> Slapper is using an OpenSSL mod_ssl exploit reported and patched at
> http://www.openssl.org/news/secadv_20020730.txt.
>
> The security update openssl release 20020812 by SuSE fixes the
> problem? Thanx

Olaf replied:
> It does.
>
> Olaf

I want to be absolutely sure I know what I'm doing here.

The only recent ssl-related advisories I see in the SuSE archive are
these:

July 30:
http://lists2.suse.com/archive/suse-security-announce/2002-Jul/0003.html
July 31:
http://lists2.suse.com/archive/suse-security-announce/2002-Jul/0004.html

The July 30 advisory provides links to openssl rpms that appear, based
on the names, to range from 0.9.5a to 9.9.6e, depending on which level
of SuSE you are on. The CERT advisory says you need 0.9.6e or newer.
Now I know SuSE often patches old versions to simplify dependency
implications. But I don't want to make a bad assumption here. So I am
looking for definitive information:

The CERT advisory for slapper:

http://www.cert.org/advisories/CA-2002-27.html

says that slapper exploits vulnerability VU#102795:

http://www.kb.cert.org/vuls/id/102795

which labels this vulnerability as CERT Advisory CA-2002-23, and CVE
Name CAN-2002-0656. This matches one of the cross-referenced
vulnerabilities on the SuSE July 30 advisory:


http://lists2.suse.com/archive/suse-security-announce/2002-Jul/0003.html

Based on this, my guess (I hate having to guess about this!) is that all
of the rpm's linked in the July 30 advisory have been patched by SuSE
and contain the fix needed to overcome the vulnerability (VU#102795)
exploited by slapper, despite the confusing names of those openssl
versions. Therefore, applying the listed rpm designated for my version
of SuSE will protect me from the slapper worm. Is this correct?

Many thanks for your excellent work in fixing these things.

< Previous Next >