Re: OpenSSL worm
From: Whit Blauvelt (whit@transpect.com)
Date: 09/20/02
Date: Fri, 20 Sep 2002 12:20:24 -0400
From: Whit Blauvelt <whit@transpect.com>
To: Hal Flynn <flynn@securityfocus.com>

One thing that's not fully discussed in some of the notices on this: If you
have openssl-0.9.6e as the basis of Apache-mod_ssl your system cannot be
compromised BUT it looks to me (from a couple of experiences) like the worm
can still end up working as a DOS attack on you, since 0.9.6e doesn't always
handle the error caused by the worm properly, but can crash the process.
This seems to result (on a couple of systems I have where Apache is
initialized via "apachectl startssl") in Apache restarting - but without SSL
service, so the secure side of your sites is down without notice.

openssl-0.9.6g handles the error correctly, and should not have this
problem.

Note this is my best suspicion. I don't have firm evidence - it could just
be coincidence that the only time I've seen this happen is since the worm is
out. The logs are inconclusive.

Whit

On Fri, Sep 13, 2002 at 11:23:16AM -0600, Hal Flynn wrote:
> For those of you not aware, there has been a report of an OpenSSL worm in
> the wild. Discussion is on Bugtraq currently.