Full Disclosure mailing list archives
The last word on the Linux Slapper worm
From: John.Airey () rnib org uk (John.Airey () rnib org uk)
Date: Mon, 23 Sep 2002 16:06:25 +0100
There has been a lack of information about the potential for damage around the Linux Slapper worm, and posts to the bugtraq list ranging from the sublime to the ridiculous. I am hoping that this post will clear up any doubts people may have about the vulnerabilities of their systems. It appears that the Linux vendors and openssl had been working together to produce an update to the vulnerability that was exploited by this worm. However, none of the openssl maintainers other than Mark Cox of Red Hat knows anything about this from what I can gather. Red Hat have a statement on their home page regarding the vulnerability of their systems. http://www.redhat.com/support/alerts/linux_slapper_worm.html Suse recently posted to the bugtraq list that their systems weren't affected. Of these two, only Red Hat have updated the recent CERT notification at http://www.cert.org/advisories/CA-2002-27.html. I haven't seen any other vendors post information to either this list or bugtraq, and apologise now if I've missed one. The bottom line is that the update for openssl that was released around the beginning of August protects systems against the Linux Slapper worm. I haven't checked other Linux vendors sites, but a search of this list's archives should hopefully show the exact dates of the update. On a personal note, I contacted Red Hat directly by telephone having not seen an update almost six weeks since the original vulnerability was released and was advised to log this as a bug. At this point it was my (mis)understanding that an update was still due to come out. I duly did this via their "bugzilla" site: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=74312 I then informed the openssl support list of this bug report with the promise to let them know the result. At this point I found out what I've stated above. I never saw the link from Red Hat's home page because it was too far down the page and anyway I was looking for information on the errata pages (http://www.redhat.com/errata/). These pages do not contain enough information to reassure system administrators that their systems are protected against the vulnerability that this worm exploits. Neither does the "changelog" of the affected package (which I am assured will be better in future). I do not believe that I am the only Linux admin who has been waiting for an update from my vendor when in fact none was needed. Worse still, the media who have covered this have also got their facts wrong. For example, Computer Weekly stated falsely that you need to upgrade to openssl 0.9.6g http://www.cw360.com/bin/bladerunner?REQSESS=ri42U88C&REQAUTH=0&2149REQEVENT =&CARTI=115793&CARTT=1&CCAT=1&CCHAN=13&CFLAV=1 In the end Linux Slapper is a non-event, as responsible admins would have had their systems up to date well before this worm was written, especially as the update doesn't require a reboot like in the "evil" Windows world. I believe that the whole disclosure of both the vulnerability and the existence of the worm has been badly handled by CERT, Bugtraq and all of the Linux Vendors. Were I writing a school report, I'd put "could do better"! It's probably worth me pointing out that I sent a version of the above to the bugtraq list which has yet to be approved, if at all. - John Airey, BSc (Jt Hons), CNA, RHCE Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey () rnib org uk Reality TV - the ultimate oxymoron - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk
Current thread:
- The last word on the Linux Slapper worm John.Airey () rnib org uk (Sep 23)
- <Possible follow-ups>
- The last word on the Linux Slapper worm John.Airey () rnib org uk (Sep 23)
- The last word on the Linux Slapper worm Ron DuFresne (Sep 23)
- The last word on the Linux Slapper worm Schmehl, Paul L (Sep 25)
- The last word on the Linux Slapper worm Mikhail Iakovlev (Sep 25)
- The last word on the Linux Slapper worm Ben Laurie (Sep 26)
- The last word on the Linux Slapper worm Schmehl, Paul L (Sep 25)
- The last word on the Linux Slapper worm Mikhail Iakovlev (Sep 26)
- The last word on the Linux Slapper worm Mikhail Iakovlev (Sep 26)
- The last word on the Linux Slapper worm vdongen (Sep 26)
- The last word on the Linux Slapper worm Ben Laurie (Sep 26)
- The last word on the Linux Slapper worm Schmehl, Paul L (Sep 26)
(Thread continues...)