September, 2002
Worm Alert: Apache mod_ssl Worm Is Loose
Yet another worm, variously called the Apache/mod_ssl worm, Slapper, or the bugtraq.c worm, is propagating across the Internet. It exploits a remotely exploitable buffer overflow in OpenSSL's SSLv2 handshake code (the client key-exchange, or KEY_ARG, overflow, CAN-2002-0656), reaching it through Apache's mod_ssl. On success it transfers a copy of its own source code to the victim (the file, .bugtraq.c, written under /tmp, is what gives the worm one of its names), compiles it with the local gcc, and runs the result with the privileges of the web server user; no root access is gained, but that is enough to scan for and attack further hosts. The attack can also amount to a denial of service: the overflow attempt may crash the target's Apache server processes, and a host that is infected rather than crashed joins a peer-to-peer network of other infected hosts (over UDP port 2002 in the original variant) that is evidently intended to launch distributed denial of service attacks.
Fortunately, the worm as currently seen affects only Linux systems on Intel x86 hardware that run Apache with mod_ssl linked against an SSLv2-enabled OpenSSL 0.9.6d or earlier. The underlying overflow, however, is present on every platform that ships those OpenSSL versions, so variants targeting other operating systems, OpenSSL releases, and architectures are likely to appear soon. Fixing your Apache server now is therefore of utmost importance. Upgrading to OpenSSL 0.9.6g is the best solution; installing the combined patches for OpenSSL 0.9.6d is the next best. Two caveats apply to either route: mod_ssl (or any other program) built against a static copy of libssl and libcrypto must be rebuilt and restarted before it is actually fixed, and vendor packages that backport the fix keep their old version string, so confirm the fix through your vendor's advisory rather than the output of "openssl version" alone. If your clients do not need SSLv2, also disable it in mod_ssl (SSLProtocol all -SSLv2); that removes this worm's entry point, but not the other OpenSSL bugs fixed in the same releases, so it is a stopgap, not a substitute for the upgrade.
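The following shell script is an added example, not part of this bulletin and not code from CERT or LBL. It performs the local triage a Linux administrator would want after reading the above: it flags a vulnerable "openssl version" string, checks whether the httpd configuration still permits SSLv2, and looks for the indicators the original worm variant leaves behind (the /tmp/.bugtraq.c, /tmp/.bugtraq and /tmp/.uubugtraq files and the UDP port 2002 listener, as documented in CERT CA-2002-27). The default httpd.conf path and the rule that the last SSLProtocol directive in the file governs are assumptions of this script, as is treating every 0.9.7 release other than the first two betas as fixed.

```shell
#!/bin/sh
# slapper_check.sh: local triage for the Apache/mod_ssl (Slapper) worm.
# Added example; not from this bulletin, CERT, or LBL.  Indicators used:
#   - OpenSSL 0.9.6d and earlier (and 0.9.7-beta2 and earlier) carry the
#     SSLv2 handshake overflow; 0.9.6e / 0.9.7-beta3 fixed it
#   - mod_ssl with SSLv2 enabled exposes the vulnerable code path
#   - the original worm variant drops /tmp/.bugtraq.c, /tmp/.bugtraq and
#     /tmp/.uubugtraq and listens on UDP port 2002 (CERT CA-2002-27)

# openssl_vulnerable "OpenSSL 0.9.6d 9 May 2002"
#   returns 0 if the version string names a vulnerable release,
#   1 if it names a fixed one, 2 if the string is not recognised.
# Caveat: vendor packages that backport the fix keep an old version string,
# so 0 here means "check the vendor advisory", not "proven vulnerable".
openssl_vulnerable() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^OpenSSL \([^ ]*\).*/\1/p')
    [ -n "$ver" ] || return 2
    case "$ver" in
        0.9.7-beta[12])       return 0 ;;   # pre-fix 0.9.7 betas
        0.9.7*)               return 1 ;;   # assumption: later 0.9.7 builds are fixed
        0.9.6|0.9.6[abcd])    return 0 ;;   # 0.9.6 through 0.9.6d
        0.9.6[e-z])           return 1 ;;   # 0.9.6e and later
        0.[0-8].*|0.9.[0-5]*) return 0 ;;   # anything older than 0.9.6
        *)                    return 2 ;;
    esac
}

# sslv2_enabled /path/to/httpd.conf
#   returns 0 if the configuration still permits SSLv2, 1 if not, 2 if unreadable.
# mod_ssl defaults SSLProtocol to "all" (SSLv2+SSLv3+TLSv1), so a missing
# directive counts as enabled.  Assumption: the last SSLProtocol directive in
# the file governs; per-<VirtualHost> overrides are not tracked separately.
sslv2_enabled() {
    [ -r "$1" ] || return 2
    proto=$(grep -i '^[[:space:]]*SSLProtocol[[:space:]]' "$1" | tail -n 1 | tr 'A-Z' 'a-z')
    [ -n "$proto" ] || return 0
    case "$proto" in
        *-sslv2*)      return 1 ;;   # "all -SSLv2" style exclusion
        *all*|*sslv2*) return 0 ;;   # "all", "+SSLv2", or SSLv2 listed
        *)             return 1 ;;   # only SSLv3/TLSv1 named
    esac
}

# slapper_files_present /tmp
#   returns 0 if any of the original variant's files exist under the directory.
slapper_files_present() {
    for f in .bugtraq.c .bugtraq .uubugtraq; do
        [ -e "$1/$f" ] && return 0
    done
    return 1
}

# slapper_port_listening "$(netstat -anu)"
#   returns 0 if the listing shows a UDP socket bound to port 2002.
#   Later variants used other ports, so a miss here is not a clean bill of health.
slapper_port_listening() {
    printf '%s\n' "$1" | grep -Eq '^udp[[:space:]].*:2002[[:space:]]'
}

# Live run:  sh slapper_check.sh --run [/path/to/httpd.conf]
# (the default path below is an assumption; adjust it to your build)
if [ "${1:-}" = "--run" ]; then
    conf=${2:-/usr/local/apache/conf/httpd.conf}
    v=$(openssl version 2>/dev/null || echo "")
    if openssl_vulnerable "$v"; then
        echo "openssl: '$v' looks vulnerable; upgrade to 0.9.6g or patch 0.9.6d"
    else
        echo "openssl: '$v' not flagged (verify vendor-patched builds separately)"
    fi
    if sslv2_enabled "$conf"; then
        echo "mod_ssl: SSLv2 still permitted in $conf; consider 'SSLProtocol all -SSLv2'"
    fi
    slapper_files_present /tmp && echo "INFECTED?: worm files found in /tmp"
    slapper_port_listening "$(netstat -anu 2>/dev/null)" && echo "INFECTED?: UDP 2002 listener present"
fi
```

Run it as root so that /tmp and the socket table are fully visible, and treat every positive as a prompt to inspect the host (ps for a process named .bugtraq, the Apache error log for crashed children) rather than as a verdict: the version test cannot see backported fixes, and the file and port checks only know the original variant.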
Additional information can be found in CERT Advisory CA-2002-27, http://www.cert.org/advisories/CA-2002-27.html, and at http://www.lbl.gov/ITSD/Security/Scans/openssl.htm