RE: [MLUG] Apache worm released (fwd)

Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: MLUG membership <EMAIL:PROTECTED>
Subject: RE: [MLUG] Apache worm released (fwd)
From: Mike Miller <EMAIL:PROTECTED>
Date: Mon, 1 Jul 2002 14:40:52 -0500 (CDT)
In-reply-to: <EMAIL:PROTECTED>
Reply-to: EMAIL:PROTECTED
Sender: EMAIL:PROTECTED

On Mon, 1 Jul 2002, Sam Napier wrote:

> Form what I've read only FreeBSD (FreeBSD.Scalper.Worm) seems to
> affected so far. Any variants come in to the light yet?

Not that I've seen, but that doesn't prove anything.  I'm only reading
SANS newsletter.  See relevant portion below.

Mike


**********************************************************************
                           SANS NEWSBITES
                The SANS Weekly Security News Overview
Volume 4, Number 26                                      June 26, 2002
Editorial Team:
             Kathy Bradford, Dorothy Denning, Roland Grefer,
             Bill Murray, Stephen Northcutt, Alan Paller,
                    Marcus Ranum, Eugene Schultz
*********************************************************************

TOP OF THE NEWS

 --20 June 2002  Apache Exploit Posted
Gobbles Security posted an exploit for an Apache server software
vulnerability on several mailing lists and on-line libraries.
The program exploits a security hole in OpenBSD systems running
Apache 1.3.x.   In an e-mail interview, Gobbles said they released
the code because they were fed up with hearing about how it was
an unexploitable hole.  A comment line in the code suggests it may
have been used in the surreptitious backdoor installations in tools
available on Monkey.org.
http://online.securityfocus.com/news/493

 --18 June 2002  Apache Users Urged to Upgrade
Everyone running Apache servers should upgrade their software,
according to the software's developers.  A potentially serious buffer
overflow vulnerability could allow hackers to take control of unpatched
computers or launch a denial of service attack.  CERT/CC has issued
an advisory.  No attacks exploiting the problem have been reported.
http://www.computerworld.com/softwaretopics/os/linux/story/0,10801,72089,00.html
http://www.cert.org/advisories/CA-2002-17.html

--
To unsubscribe, go to http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/

References:
- RE: [MLUG] Apache worm released (fwd)
  - From: "Sam Napier" <EMAIL:PROTECTED>

Prev by Date: RE: [MLUG] Apache worm released (fwd)
Next by Date: [MLUG] 11th USENIX Security Symposium, August 5-9 (fwd)
Previous by thread: RE: [MLUG] Apache worm released (fwd)
Next by thread: RE: [MLUG] Apache worm released (fwd)
Index(es):
- Date
- Thread