Full Disclosure mailing list archives

The last word on the Linux Slapper worm

From: pauls () utdallas edu (Schmehl, Paul L)
Date: Wed, 25 Sep 2002 17:10:29 -0500

Interesting.  I patched openssl the day the patch was announced (using
up2date.)  When the Slapper worm came out, I knew my system wasn't
vulnerable, because I had already applied the patch on June 29th when it
was released.  I'm not sure why there would have been confusion about
whether or not your system might be vulnerable, since both the the
vulnerability and the patch were publicly announced, but I suspect it
had to do with the fact that (at least in the case of Red Hat) the
*version* of openssl you're running is patched rather than updating to
the latest version.

On RH 7.2 (my system), for example, openssl is version 0.9.6b, but it's
patched against this vulnerability.  All the advisories suggest updating
to at least version 0.9.6e if not g, but they do not address the fact
that your vendor may have patched previous versions.  I sent a post to
bugtraq pointing that out, but it was never published.  Guess I'll just
use this list from now on.

Paul Schmehl (pauls () utdallas edu)
Department Coordinator
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/

-----Original Message-----
From: John.Airey () rnib org uk [mailto:John.Airey () rnib org uk] 
Sent: Monday, September 23, 2002 9:48 AM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] The last word on the Linux Slapper worm
Importance: High

There has been a lack of information about the potential for 
damage around the Linux Slapper worm, and posts to the 
bugtraq list ranging from the sublime to the ridiculous. I am 
hoping that this post will clear up any doubts people may 
have about the vulnerabilities of their systems. It appears 
that the Linux vendors and openssl had been working together 
to produce an update to the vulnerability that was exploited 
by this worm. However, none of the openssl maintainers other 
than Mark Cox of Red Hat knows anything about this from what 
I can gather.

Current thread:

The last word on the Linux Slapper worm John.Airey () rnib org uk (Sep 23)
- <Possible follow-ups>
- The last word on the Linux Slapper worm John.Airey () rnib org uk (Sep 23)
  - The last word on the Linux Slapper worm Ron DuFresne (Sep 23)
- The last word on the Linux Slapper worm Schmehl, Paul L (Sep 25)
  - The last word on the Linux Slapper worm Mikhail Iakovlev (Sep 25)
  - The last word on the Linux Slapper worm Ben Laurie (Sep 26)
- The last word on the Linux Slapper worm Schmehl, Paul L (Sep 25)
  - The last word on the Linux Slapper worm Mikhail Iakovlev (Sep 26)
  - The last word on the Linux Slapper worm Mikhail Iakovlev (Sep 26)
- The last word on the Linux Slapper worm vdongen (Sep 26)
  - The last word on the Linux Slapper worm Ben Laurie (Sep 26)
- The last word on the Linux Slapper worm Schmehl, Paul L (Sep 26)
- The last word on the Linux Slapper worm John.Airey () rnib org uk (Sep 26)
- The last word on the Linux Slapper worm John.Airey () rnib org uk (Sep 26)

(Thread continues...)