Full Disclosure mailing list archives
OpenSSL Worm ?
From: delta () FaVeVe Uni-Stuttgart de (Helmut Springer)
Date: Sat, 14 Sep 2002 14:20:13 +0200
On 14 Sep 2002 at 05:37 +0200, Solar Eclipse wrote:
> The new variant has a new exploit section and targets Apache/SSL servers, exploiting the recent vulnerability in OpenSSL 0.6.9d.

Where recent is 30 Jun 2002.

> The worm leaves no entry in httpd.log and does not crash Apache. After exploiting the server, it uploads its source as /tmp/.bugtraq.c and compiles it as /tmp/.bugtraq

It sets up a kind of peer to peer network using 2002/udp, seems to be quite noisy (bad design or bad estimation?). Other flavours to come might use other ports...

The worm can execute arbitrary commands, so it has an upgrade path. A more silent flavour might make a more efficient use of it...

-- 
MfG/Best regards, helmut springer
"A Feature you cannot disable is considered a bug" comp.os.unix
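The indicators mentioned in this message (the two files under /tmp and a socket on 2002/udp) can be checked on a Linux host as follows. This is an added example, not part of the original post or thread; the function names and the sample socket table are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks a Linux host for the indicators named in this thread
# (/tmp/.bugtraq.c, /tmp/.bugtraq, a socket bound to 2002/udp).
# Function names and the sample table are constructed for illustration.

# Constructed sample in /proc/net/udp layout (not captured from a real host).
sample_udp_table() {
cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:07D2 00000000:0000 07 00000000:00000000 00:00000000 00000000    48        0 1002
EOF
}

# Read a /proc/net/udp-style table on stdin, print each local port in decimal.
udp_ports() {
    awk 'NR > 1 { if (split($2, a, ":") == 2) print a[2] }' |
    while read -r hex; do echo "$((0x$hex))"; done
}

# udp_port_bound TABLE PORT: succeed if PORT is a bound local UDP port.
udp_port_bound() {
    udp_ports < "$1" | grep -qx "$2"
}

# check_host ROOT TABLE: ROOT is a filesystem prefix ("" for the live host,
# or a mounted disk image); TABLE is a /proc/net/udp-style file.
# Prints one line per finding; returns 0 if clean, 1 otherwise.
check_host() {
    root=$1; table=$2; hits=0
    for f in /tmp/.bugtraq.c /tmp/.bugtraq; do
        if [ -e "$root$f" ]; then
            echo "FOUND file $f"; hits=$((hits + 1))
        fi
    done
    if [ -r "$table" ] && udp_port_bound "$table" 2002; then
        echo "FOUND listener on 2002/udp"; hits=$((hits + 1))
    fi
    [ "$hits" -eq 0 ]
}

# Live use: sh check.sh --live   (a clean result is not proof of absence:
# the message notes later flavours might use other ports)
if [ "${1:-}" = "--live" ]; then
    check_host "" /proc/net/udp
fi
```

Pointing ROOT at a read-only mount of the disk image keeps the check from relying on binaries of a host that may already be compromised.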