Bugtraq mailing list archives
Re: Linux Slapper Worm
From: Miroslaw Jaworski <mjaw () ipartners pl>
Date: Thu, 19 Sep 2002 10:03:32 +0200
* Ajai Khattri (ajai () bitblit net) [020919 09:02] wrote:
> Not seeing any announcement from my vendor (and not wanting to compile SSL from source), I set out to see if there was some way of avoiding being infected in the first place. I decided to hack my Apache (1.3.26) source code to send a bogus Server: header
...and you're still vulnerable. Don't forget mod_ssl and openssl show their versions if you talk to SSL-enabled apache (src/modules/ssl/ssl_engine_init.c, ap_add_version_component). So when another kiddie compiles PUD code changing it not to look for 'Apache', but 'mod_ssl|open_ssl' - you're dead. Not to mention another, who won't check the server response, but will send all exploits to every open port 80 - you're dead too.

Someone can read your "fix", apply it, and think he's safe. Giving such "advice" _can_ make the whole situation worse - some people out there will look for all this "Slapper thing" with smiles, thinking they're patched.

Go patch the real hole.

Regards
MJ.

-- 
Miroslaw.Jaworski () ipartners pl ( Psyborg ) MJ102-RIPE
Internet Partners
Server Administration Department Manager
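As an added illustration of the point made in the reply above (example code written for this archive page, not from either poster), a small Python check parses a Server: header into its product tokens and reports whether mod_ssl/OpenSSL versions are still disclosed even after the Apache token has been replaced. The banner strings are constructed samples, not captured from any live host.

```python
import re

# Constructed sample Server: values (not captured from a real server).
SAMPLE_BANNERS = {
    # Unmodified 1.3.26 build with mod_ssl: every component advertises a version.
    "stock": "Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6g",
    # The "bogus Server: header" trick: Apache token swapped, SSL tokens untouched.
    "bogus": "Microsoft-IIS/5.0 mod_ssl/2.8.10 OpenSSL/0.9.6g",
    # Product name only, no versions at all.
    "minimal": "Apache",
}

# RFC 2616 product tokens: product[/version], with (comments) interleaved.
TOKEN_RE = re.compile(r"([A-Za-z0-9_.!~*'\-]+)(?:/([A-Za-z0-9_.!~*'\-]+))?")
COMMENT_RE = re.compile(r"\([^)]*\)")

# Components that ap_add_version_component appends for an SSL-enabled build.
SSL_PRODUCTS = ("mod_ssl", "openssl")


def product_tokens(server_header):
    """Split a Server: value into (product, version_or_None) pairs, dropping comments."""
    stripped = COMMENT_RE.sub(" ", server_header)
    return [(m.group(1), m.group(2)) for m in TOKEN_RE.finditer(stripped)]


def disclosure_report(server_header):
    """Report what a banner still reveals: the Apache name and any SSL component versions."""
    tokens = product_tokens(server_header)
    apache_named = any(p.lower() == "apache" for p, _ in tokens)
    ssl_versions = {p.lower(): v for p, v in tokens if v and p.lower() in SSL_PRODUCTS}
    return {
        "apache_named": apache_named,
        "ssl_versions": ssl_versions,
        # The failure mode from the thread: "Apache" hidden, but mod_ssl/OpenSSL still versioned.
        "hidden_apache_but_leaks_ssl": (not apache_named) and bool(ssl_versions),
    }


if __name__ == "__main__":
    for name, banner in SAMPLE_BANNERS.items():
        print(name, disclosure_report(banner))
```

The report only measures what the banner itself gives away; as the reply notes, a worm that never reads the response at all is unaffected by any banner change, so the check is a sanity test for the header hack, not a substitute for upgrading OpenSSL.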