[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: slapper worm

From: James Kosin <jkosin beta intcomgrp com>
To: Discussion of the Fedora Legacy Project <fedora-legacy-list redhat com>
Subject: Re: slapper worm
Date: Mon, 23 Jan 2006 17:11:12 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jesse Keating wrote:
> 
> James, what is in your package that we haven't included in our Apache?
> I was under the assumption that we had fixed all the CVEs related to the
> slapper worm and that our users were safe.  If this isn't the case, we
> have a severe problem and need to fix this immediately.
> 
> 
> 
> ------------------------------------------------------------------------

Jesse,

Hi.  I think it was fixed with the updates to perl by the update.  But,
that said, he could have a WebAdmin install that makes him vulnerable again.

My version takes care of the mod_ssl issue he already disabled.  FC1
doesn't have a fix or if so it hasn't gone through QA yet.
My version does add the mod_security module to Apache which should help
with this and other worms that try to access via this type of method.

James
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD1VSAkNLDmnu1kSkRAuV5AJ4tHYj1a7HHknypuE0F0UhJyYDL7QCeKHDq
DB1v27kblhsQGeIJdpyGEjI=
=ywd9
-----END PGP SIGNATURE-----
-- 
Scanned by ClamAV - http://www.clamav.net

Follow-Ups:
- Re: slapper worm
  - From: Jesse Keating

References:
- slapper worm
  - From: Michael Mansour
- Re: slapper worm
  - From: James Kosin
- Re: slapper worm
  - From: Jesse Keating

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]