slapper worm
James Kosin
jkosin at beta.intcomgrp.com
Mon Jan 23 22:11:12 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jesse Keating wrote:
>
> James, what is in your package that we haven't included in our Apache?
> I was under the assumption that we had fixed all the CVEs related to the
> slapper worm and that our users were safe. If this isn't the case, we
> have a severe problem and need to fix this immediately.
>
>
>
> ------------------------------------------------------------------------
Jesse,
Hi. I think it was fixed with the updates to perl by the update. But,
that said, he could have a WebAdmin install that makes him vulnerable again.
My version takes care of the mod_ssl issue he already disabled. FC1
doesn't have a fix or if so it hasn't gone through QA yet.
My version does add the mod_security module to Apache which should help
with this and other worms that try to access via this type of method.
James
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFD1VSAkNLDmnu1kSkRAuV5AJ4tHYj1a7HHknypuE0F0UhJyYDL7QCeKHDq
DB1v27kblhsQGeIJdpyGEjI=
=ywd9
-----END PGP SIGNATURE-----
--
Scanned by ClamAV - http://www.clamav.net
More information about the fedora-legacy-list
mailing list