OpenSSL worm in the wild

From: Ben Laurie (
Date: 09/13/02

Date: Fri, 13 Sep 2002 18:16:33 +0100
From: Ben Laurie <>
To: Bugtraq <BUGTRAQ@SECURITYFOCUS.COM>, Cryptography <>, cypherpunks <>, Apache SSL <>

I have now seen a worm for the OpenSSL problems I reported a few weeks
back in the wild. Anyone who has not patched/upgraded to 0.9.6e+ should
be _seriously worried_.

It appears to be exclusively targeted at Linux systems, but I wouldn't
count on variants for other systems not existing.




"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff