slapper worm
James Kosin
jkosin at beta.intcomgrp.com
Tue Jan 24 14:06:41 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jesse Keating wrote:
> On Mon, 2006-01-23 at 17:11 -0500, James Kosin wrote:
>> My version takes care of the mod_ssl issue he already disabled. FC1
>> doesn't have a fix or if so it hasn't gone through QA yet.
>
> Do you have a CVE for the ssl issue? I'd like to see if it is somewhere
> in the QA pipeline.
>
>
>
> ------------------------------------------------------------------------
Jesse,
Just checked this morning.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175406
But, I think we may need to do something pro actively... I'm seeing
many posting either not knowing about this worm or not knowing if they
are protected or how vulnerable they may be.
Many use (or using) WebAdmin for simple configuration or installing
other software making them more vulnerable. My FC1 box was not
vulnerable, only because I like to use the command line and edit files
manually instead of by web-pages.
What we need is a comprehensive fix to prevent all this from happening
unknowingly to the users. Or a way of checking before they get infected.
James
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFD1jRxkNLDmnu1kSkRAlmuAJ9E/0owV13AuVZOxK+I0F859ZRCYACffnal
zuVC11nLSrrGWJMEucMAswg=
=0ZT6
-----END PGP SIGNATURE-----
--
Scanned by ClamAV - http://www.clamav.net
More information about the fedora-legacy-list
mailing list