slapper worm
Mike McCarty
mike.mccarty at sbcglobal.net
Tue Jan 24 19:08:52 UTC 2006
James Kosin wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jesse Keating wrote:
>
>>On Mon, 2006-01-23 at 17:11 -0500, James Kosin wrote:
>>
>>>My version takes care of the mod_ssl issue he already disabled. FC1
>>>doesn't have a fix or if so it hasn't gone through QA yet.
>>
>>Do you have a CVE for the ssl issue? I'd like to see if it is somewhere
>>in the QA pipeline.
>>
>>
>>
>>------------------------------------------------------------------------
>
> Jesse,
>
> Just checked this morning.
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175406
>
> But, I think we may need to do something pro actively... I'm seeing
> many posting either not knowing about this worm or not knowing if they
> are protected or how vulnerable they may be.
[snip]
I'm a little shocked at this, frankly. I Googled around, and
found mentions of the Slapper going back to 2002. Why is it that
this exploit (and variations of it) haven't all been stamped
out years ago?
Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
More information about the fedora-legacy-list
mailing list