On Fri, Sep 20, 2002 at 01:35:56PM +0100, James Wilson wrote:
> Red Hat's security announcement about the Slapper worm
> http://www.redhat.com/support/alerts/linux_slapper_worm.html
>
> directs users to the following page, which is dated before the worm (2002-08-05 !!):
> http://rhn.redhat.com/errata/RHSA-2002-160.html

The reason it's dated before the worm is that Red Hat patched the vulnerability before it could be exploited. Red Hat - like most vendors - doesn't patch against worms. Patches are applied against vulnerabilities. Frequently, those vulnerabilities have not yet been exploited. Worm writers assume (unfortunately correctly) that many system administrators don't apply security patches. Worm writers sometimes find out how to exploit the vulnerability by looking at the patch!

What Red Hat has done is issue patches before the vulnerabilities are exploited. They don't wait until the customer is screwed before getting around to fixing the bugs. Some vendors (a large Redmond-based software company comes to mind) play Russian roulette and wait until the exploits are out there, and then fix the bugs. The customer loses.

> These rpm versions of OpenSSL are pre 0.9.6e and still vulnerable to the worm

Please back this claim up. Do you have evidence of a patched system that's been successfully attacked? I've got personal evidence of a system that was unsuccessfully attacked by this worm - it's still running Red Hat Linux 6.2 but has current Red Hat patches applied.

--
Ed Wilts, Mounds View, MN, USA
mailto:[EMAIL PROTECTED]
Member #1, Red Hat Community Ambassador Program

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list