Re: Slapper worm

> On Tue, Dec 03, 2002 at 08:22:01AM +0800 or thereabouts, Toto Gamez > wrote: > > How would I know that my box is infected with slapper worm virus > On Mon, 2 Dec 2002 18:37:22 -0600 Gary <[EMAIL PROTECTED]> wrote: > > you will find all the info you need here. >

Re: Slapper worm

On Mon, Dec 02, 2002 at 10:24:37PM -0600 or thereabouts, Bret Hughes wrote: > On Mon, 2002-12-02 at 18:37, Gary wrote: > > > sed '/^[when][coders]/!d > > /^...[discover].$/d > >/^..[real].[code]$/!d > > ' /usr/share/dict/words > > That's pretty good. It cracked me up...

Re: Slapper worm

On Mon, 2002-12-02 at 18:37, Gary wrote: > sed '/^[when][coders]/!d > /^...[discover].$/d >/^..[real].[code]$/!d > ' /usr/share/dict/words That's pretty good. Bret -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.red

Re: Slapper worm

On Tue, Dec 03, 2002 at 08:22:01AM +0800 or thereabouts, Toto Gamez wrote: > How would I know that my box is infected with slapper worm virus you will find all the info you need here. http://www.google.com/linux?hl=en&lr=&ie=ISO-8859-1&q=slapper+worm -- Best regards, Gary

Slapper worm

How would I know that my box is infected with slapper worm virus

Re: Possible Slapper Worm installed?

On Mon, Nov 11, 2002 at 10:23:03AM +1000, Peter Kiem wrote: > On my nightly chkrootkit run over the weekend I noticed this on one of my > servers: > Checking `slapper'... Warning: Possible Slapper Worm installed > > Yet subsequent checks turned up nothing. It is a Red Hat

Possible Slapper Worm installed?

Hi, On my nightly chkrootkit run over the weekend I noticed this on one of my servers: Checking `slapper'... Warning: Possible Slapper Worm installed Yet subsequent checks turned up nothing. It is a Red Hat 7.1 server running apache-1.3.22-5.7.1, mod_ssl-2.8.5-5 and openssl-0.9.6-13 whic

Re: Slapper Worm Infection

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 27-Sep-2002/08:46 -0500, RTS <[EMAIL PROTECTED]> wrote: > >Besides the files in the /tmp directory how can you tell if you have been >infected?? See "Detecting Apache/mod_ssl worm activity on the network" in CERT Advisory CA-2002-27

Re: Slapper Worm Infection

On Fri, 2002-09-27 at 06:46, RTS wrote: > > Besides the files in the /tmp directory how can you tell if you have been > infected?? It may be more difficult with the recent variants. If you aren't up to date, the safest thing to do would be to assume you're infected, update the packages, and re

Slapper Worm Infection

Besides the files in the /tmp directory how can you tell if you have been infected?? Does it change any files on the system?? Symantec and Mcafee was not really clear to me on this. Thanks Randy -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https:/

Re: slapper worm

For those people who like to click on links. The link should be: http://www.cert.org/advisories/CA-2002-27.html Mark missed one of the forward slashes / :) Steve At 01:54 PM 9/25/2002 -0500, you wrote: >The CERT Advisory (www.cert.orgadvisories/CA-2002-27.html) will give you >ideas for finding

Re: slapper worm

The CERT Advisory (www.cert.orgadvisories/CA-2002-27.html) will give you ideas for finding and patching. I discovered the files /tmp/.uubugraq and /tmp/.bugtraq on my system. This is a sign of Variant A. Mark >>> [EMAIL PROTECTED] 09/25/02 13:39 PM >>> how do i ascertain whether I have been infe

slapper worm

how do i ascertain whether I have been infected ? -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list

Re: Slapper worm

t version of OpenSSL 0.9.6e with >respect to vulnerabilities of the slapper worm, I'm kind of confused on how to do >that, since I've downloaded and compiled OpenSSL. Since I'm a fairly new guy to >Linux, I'd appreciate if any of you gurus can clarify to me whether downloa

Slapper worm

Hi All, I have a couple of Linux machines one running RH 7.2 with Openssl 0.9.6b and one with RH 6.2  OpenSSL 0.9.5 a. If I need to upgrade my machines  to the latest version of OpenSSL 0.9.6e with respect to vulnerabilities of the slapper worm, I'm kind of confused on how to do that, since

Re: You may still be vunerable to the Slapper Worm

56 +0100 "James Wilson" <[EMAIL PROTECTED]> wrote: > Red-Hat's security announcement about the slapper worm > http://www.redhat.com/support/alerts/linux_slapper_worm.html > > Directs users to the follwoing page which is dated before the Worm ( 2002-08-05 !! ) &

Re: Slapper worm

S Peram wrote: > openssl095a-0.9.5a-11 You can 'rpm -e' this one > I tried to upgrade the versions using > rpm -Uvh openssl-0.9.6b-28.i386.rpm but I'm getting the following error: > > openssl = 0.9.6b-8 is needed by openssl-devel-0.9.6b-8 You need to upgrade both: rpm -Uvh openss

RE: Slapper worm

l Message-> From: [EMAIL PROTECTED][mail! to:[EMAIL PROTECTED]]On Behalf Of S Peram> Sent: Monday, September 23, 2002 10:49 AM> To: [EMAIL PROTECTED]> Subject: Slapper worm> If I need to upgrade my machines to the latest version of OpenSSL 0.9.6ewith respect to vulnerabilities o

Re: Slapper worm

On Mon, 23 Sep 2002, S Peram wrote: > > Hi All, > > I have a couple of Linux machines one running RH 7.2 with Openssl 0.9.6b and one >with RH 6.2 OpenSSL 0.9.5 a. > > If I need to upgrade my machines to the latest version of OpenSSL 0.9.6e with >respect to vulner

RE: Slapper worm

ay, September 23, 2002 10:49 AM > To: [EMAIL PROTECTED] > Subject: Slapper worm > If I need to upgrade my machines to the latest version of OpenSSL 0.9.6e with respect to vulnerabilities of the slapper worm, I'm kind of confused on how to do that, since I've downloaded and comp

Slapper worm

Hi All, I have a couple of Linux machines one running RH 7.2 with Openssl 0.9.6b and one with RH 6.2  OpenSSL 0.9.5 a. If I need to upgrade my machines  to the latest version of OpenSSL 0.9.6e with respect to vulnerabilities of the slapper worm, I'm kind of confused on how to do that, since

Re: You may still be vunerable to the Slapper Worm

On Fri, Sep 20, 2002 at 04:29:18PM +0100, James Wilson wrote: > www.freebsd.org [...] > And FreeBSD allows you to patch OpenSSL from src in under 3 minutes. If - and only if - you happen to own a machine that's fast enough to do so - which is the major catch with all source based patching. On the

Re: You may still be vunerable to the Slapper Worm

On Fri, Sep 20, 2002 at 11:15:45AM -0500, Ed Wilts wrote: > rpm works fine. It upgraded the package as it was supposed to. How do you > think rpm failed? Loose nut behind steering. Initial reports now conclusively confirmed. (Worked fine for me too, about a month ago, and maybe took 50 seconds

RE: You may still be vunerable to the Slapper Worm

[EMAIL PROTECTED] Subject: RE: You may still be vunerable to the Slapper Worm It looks like you were right guys, the rpm tool once again has failed to do anything useful and once I upgraded from src its closed the vunerability. I'd apologise for the misinformation, but it seems that you enj

Re: You may still be vunerable to the Slapper Worm

On Fri, Sep 20, 2002 at 04:29:18PM +0100, James Wilson wrote: > It looks like you were right guys, the rpm tool once again has failed to do anything >useful and once I upgraded from src its closed the vunerability. I'd apologise for >the misinformation, but it seems that you enjoyed the chance f

RE: You may still be vunerable to the Slapper Worm

under 3 minutes. -Original Message- From: Edward Wildgoose [mailto:[EMAIL PROTECTED]] Sent: 20 September 2002 15:00 To: [EMAIL PROTECTED] Subject: RE: You may still be vunerable to the Slapper Worm > What Red Hat has done is issue patches before the vulnerabilities are > exploited. They

RE: You may still be vunerable to the Slapper Worm

> What Red Hat has done is issue patches before the vulnerabilities are > exploited. They don't wait until the customer is screwed before getting > around to fixing the bugs. Some vendors (a large Redmond-based software > company comes to mind) play Russian roulette and wait until the exploits >

Re: You may still be vunerable to the Slapper Worm

On Fri, Sep 20, 2002 at 01:35:56PM +0100, James Wilson wrote: > Red-Hat's security announcement about the slapper worm > http://www.redhat.com/support/alerts/linux_slapper_worm.html > > Directs users to the follwoing page which is dated before the Worm ( 2002-08-05 !! ) > h

Re: You may still be vunerable to the Slapper Worm

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 20-Sep-2002/13:35 +0100, James Wilson <[EMAIL PROTECTED]> wrote: >Red-Hat's security announcement about the slapper worm >http://www.redhat.com/support/alerts/linux_slapper_worm.html > >Directs users to the follwoing page wh

Re: You may still be vunerable to the Slapper Worm

On Fri, Sep 20, 2002 at 01:35:56PM +0100, James Wilson wrote: > Red-Hat's security announcement about the slapper worm > http://www.redhat.com/support/alerts/linux_slapper_worm.html > > Directs users to the follwoing page which is dated before the Worm ( > 2002-08-05 !! ) h

You may still be vunerable to the Slapper Worm

Red-Hat's security announcement about the slapper worm http://www.redhat.com/support/alerts/linux_slapper_worm.html Directs users to the follwoing page which is dated before the Worm ( 2002-08-05 !! ) http://rhn.redhat.com/errata/RHSA-2002-160.html These rpm versions of OpenSSL are pre 0

RE: Slapper Worm on openssl 0.9.6b(-28)

TECTED]]On Behalf Of Nick White Sent: Wednesday, September 18, 2002 4:19 PM To: '[EMAIL PROTECTED]' Subject: RE: Slapper Worm on openssl 0.9.6b(-28) >From the changelog: (via rpm -q --changelog) * Thu Aug 01 2002 Nalin Dahyabhai <[EMAIL PROTECTED]> 0.9.6b-28 - update asn patch

RE: Slapper Worm on openssl 0.9.6b(-28)

al Message- From: Trevor [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 18, 2002 1:48 PM To: [EMAIL PROTECTED] Subject: RE: Slapper Worm on openssl 0.9.6b(-28) "rpm -q --changelog openssl | grep ASN" can tell you the same thing... without the tech support . Trevor. -Orig

RE: Slapper Worm on openssl 0.9.6b(-28)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 18 Sep 2002, Nick White posted the following: NW>That's exactly why I contacted RedHat... They don't have information NW>anywhere about the worm on their web site. I dunno why but this satisfied my curiosity: http://www.redhat.com/support

RE: Slapper Worm on openssl 0.9.6b(-28)

.6b-28 is safe. (see RedHat's response below) Dear Sir, We apologize for the delay. Our Escalation point has responded and he said that the latest openssl update (the one that you have installed) is not vulnerable to the slapper worm. Red Hat Developers have already patched the package agai

RE: Slapper Worm on openssl 0.9.6b(-28)

elow) Dear Sir, We apologize for the delay. Our Escalation point has responded and he said that the latest openssl update (the one that you have installed) is not vulnerable to the slapper worm. Red Hat Developers have already patched the package against the exploit used by the slapper worm.

Re: Slapper Worm on openssl 0.9.6b

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 18-Sep-2002/13:22 -0400, Jason Costomiris <[EMAIL PROTECTED]> wrote: >On Wed, Sep 18, 2002 at 01:14:19PM -0400, Anthony E. Greene wrote: >: Specifically 0.9.6b-28. Earlier 0.9.6b packages (ie; 0.9.6b-24 and >: 0.9.6b-8) may not have the fix for thi

Re: Slapper Worm on openssl 0.9.6b

On Wed, Sep 18, 2002 at 01:14:19PM -0400, Anthony E. Greene wrote: : Specifically 0.9.6b-28. Earlier 0.9.6b packages (ie; 0.9.6b-24 and : 0.9.6b-8) may not have the fix for this vulnerability. : : I really wish RH would make some kind of explicit announcement about this. You mean, like this: ht

Re: Slapper Worm on openssl 0.9.6b

On Wed, 2002-09-18 at 13:14, Anthony E. Greene wrote: > I really wish RH would make some kind of explicit announcement about this. They've done. http://www.redhat.com/support/alerts/linux_slapper_worm.html -- Saul Arias - [EMAIL PROTECTED] -- redhat-list mailing list unsubscribe mailto:[EMAI

Re: Slapper Worm on openssl 0.9.6b

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 18-Sep-2002/07:42 -0700, Nick White <[EMAIL PROTECTED]> wrote: >I've called RedHat about the "Slapper" worm and it appears that the RHN >package 0.9.6b is safe. [snip] Specifically 0.9.6b-28. Earlier 0.9.6b packages

Slapper Worm on openssl 0.9.6b

I've called RedHat about the "Slapper" worm and it appears that the RHN package 0.9.6b is safe. Below is a response from their support. __ Description of your problem: using openssl 0.9.6b from the Red Hat Network. Is this vulnerable from th