slapper worm

James Kosin jkosin at beta.intcomgrp.com
Mon Jan 23 22:11:12 UTC 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jesse Keating wrote:
> 
> James, what is in your package that we haven't included in our Apache?
> I was under the assumption that we had fixed all the CVEs related to the
> slapper worm and that our users were safe.  If this isn't the case, we
> have a severe problem and need to fix this immediately.
> 
> 
> 
> ------------------------------------------------------------------------

Jesse,

Hi.  I think it was fixed with the updates to perl by the update.  But,
that said, he could have a WebAdmin install that makes him vulnerable again.

My version takes care of the mod_ssl issue he already disabled.  FC1
doesn't have a fix or if so it hasn't gone through QA yet.
My version does add the mod_security module to Apache which should help
with this and other worms that try to access via this type of method.

James
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD1VSAkNLDmnu1kSkRAuV5AJ4tHYj1a7HHknypuE0F0UhJyYDL7QCeKHDq
DB1v27kblhsQGeIJdpyGEjI=
=ywd9
-----END PGP SIGNATURE-----
-- 
Scanned by ClamAV - http://www.clamav.net




More information about the fedora-legacy-list mailing list