Full Disclosure mailing list archives
The last word on the Linux Slapper worm
From: John.Airey () rnib org uk (John.Airey () rnib org uk)
Date: Thu, 26 Sep 2002 22:29:17 +0100
My issue was not with the vendor not changing the version number of the package with updates, which themselves are so staggeringly inconsistent to make the process very difficult if not impossible, but with not advising the users about the patch level. As I write, CERT still have no updates to the alert at http://www.cert.org/advisories/CA-2002-27.html. Going by their data, every Linux vendor exceot Red Hat is still vulnerable. In this case the issue of not having a Red Hat package version matching the latest version is in the openssl FAQ anyway (and I need to update it as it applies to the last security patch at 0.9.6b). Of course, it's fallacious to think that you always need the latest version. For example, openssl 0.9.6g contains an update for code that is still in beta testing. (This time I'm only posting once. It went twice the last time due to my overeagerness to post before and after subscribing!) John - sigless due to hopeless Outlook Web Access. - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk
Current thread:
- The last word on the Linux Slapper worm, (continued)
- The last word on the Linux Slapper worm Mikhail Iakovlev (Sep 25)
- The last word on the Linux Slapper worm Ben Laurie (Sep 26)
- The last word on the Linux Slapper worm Schmehl, Paul L (Sep 25)
- The last word on the Linux Slapper worm Mikhail Iakovlev (Sep 26)
- The last word on the Linux Slapper worm Mikhail Iakovlev (Sep 26)
- The last word on the Linux Slapper worm vdongen (Sep 26)
- The last word on the Linux Slapper worm Ben Laurie (Sep 26)
- The last word on the Linux Slapper worm Schmehl, Paul L (Sep 26)
- The last word on the Linux Slapper worm John.Airey () rnib org uk (Sep 26)
- The last word on the Linux Slapper worm John.Airey () rnib org uk (Sep 26)
- The last word on the Linux Slapper worm John.Airey () rnib org uk (Sep 26)
- The last word on the Linux Slapper worm Mike Tone (Sep 26)