Full Disclosure mailing list archives
OpenSSL Worm ?
From: solareclipse () phreedom org (Solar Eclipse)
Date: Fri, 13 Sep 2002 22:37:42 -0500
On Fri, Sep 13, 2002 at 07:54:08PM -0400, Jonathan Rickman wrote:
> On Fri, 13 Sep 2002, EPiC wrote:
> > Here is the apache one that is going around right now.. check for
> > /tmp/.bugtraq and .bugtraq.c
> > http://dammit.lt/apache-worm/apache-worm.c
>
> Old news. http://online.securityfocus.com/archive/1/279633
New news. There is a new apache worm, based on the scalper worm from June. The new variant has a new exploit section and targets Apache/SSL servers, exploiting the recent vulnerability in OpenSSL 0.6.9d. The exploit works on Linux servers running the following distributions:

struct archs {
        char *os;
        char *apache;
        int func_addr;
} architectures[] = {
        {"Gentoo", "", 0x08086c34},
        {"Debian", "1.3.26", 0x080863cc},
        {"Red-Hat", "1.3.6", 0x080707ec},
        {"Red-Hat", "1.3.9", 0x0808ccc4},
        {"Red-Hat", "1.3.12", 0x0808f614},
        {"Red-Hat", "1.3.12", 0x0809251c},
        {"Red-Hat", "1.3.19", 0x0809af8c},
        {"Red-Hat", "1.3.20", 0x080994d4},
        {"Red-Hat", "1.3.26", 0x08161c14},
        {"Red-Hat", "1.3.23", 0x0808528c},
        {"Red-Hat", "1.3.22", 0x0808400c},
        {"SuSE", "1.3.12", 0x0809f54c},
        {"SuSE", "1.3.17", 0x08099984},
        {"SuSE", "1.3.19", 0x08099ec8},
        {"SuSE", "1.3.20", 0x08099da8},
        {"SuSE", "1.3.23", 0x08086168},
        {"SuSE", "1.3.23", 0x080861c8},
        {"Mandrake", "1.3.14", 0x0809d6c4},
        {"Mandrake", "1.3.19", 0x0809ea98},
        {"Mandrake", "1.3.20", 0x0809e97c},
        {"Mandrake", "1.3.23", 0x08086580},
        {"Slackware", "1.3.26", 0x083d37fc},
        {"Slackware", "1.3.26", 0x080b2100}
};

But this doesn't mean that other Linux distributions can't be added.

The worm leaves no entry in httpd.log and does not crash Apache. After exploiting the server, it uploads its source as /tmp/.bugtraq.c and compiles it as /tmp/.bugtraq.

The kiddies are surely having fun at the moment.

Solar Eclipse
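A triage check for the two artefacts the post names, /tmp/.bugtraq.c and /tmp/.bugtraq, added here as an example and not part of the original message. The function names and the ROOT argument (/ on a live host, or the mount point of a disk image) are assumptions of this example; the /proc scan relies on Linux showing an unlinked executable as "... (deleted)".

```shell
#!/bin/sh
# Added example, not code from the post. Usage on a live host: check_host /
# ROOT (hypothetical parameter) may also be the mount point of a disk image.

# Print one line per artefact found under ROOT/tmp; return 1 if any exist.
find_worm_files() {
    root="${1:-/}"
    found=0
    for name in .bugtraq.c .bugtraq; do
        path="${root%/}/tmp/$name"
        # -e follows symlinks; -L also catches a dangling link with that name
        if [ -e "$path" ] || [ -L "$path" ]; then
            ls -ld "$path"
            found=1
        fi
    done
    return "$found"
}

# Print PIDs whose executable resolves to /tmp/.bugtraq, including the case
# where the binary was unlinked after it was started. Return 1 if any match.
find_worm_procs() {
    root="${1:-/}"
    hits=0
    for exe in "${root%/}"/proc/[0-9]*/exe; do
        [ -L "$exe" ] || continue          # unmatched glob or no exe link
        target=$(readlink "$exe" 2>/dev/null) || continue
        case "$target" in
            /tmp/.bugtraq|"/tmp/.bugtraq (deleted)")
                pid=${exe%/exe}; pid=${pid##*/}
                echo "pid $pid -> $target"
                hits=1 ;;
        esac
    done
    return "$hits"
}

# Run both checks; return 0 when nothing was found, 1 otherwise.
check_host() {
    status=0
    find_worm_files "${1:-/}" || status=1
    find_worm_procs "${1:-/}" || status=1
    return "$status"
}
```

Reading other users' /proc/PID/exe links needs root, so run it as root on a live host; without that the process scan silently skips what it cannot read.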