[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Apache worm that uses the chunk vulnerability - in the wild
- Subject: Re: [cobalt-security] Apache worm that uses the chunk vulnerability - in the wild
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Sat, 29 Jun 2002 00:14:27 +0200
- Organization: SOLARSPEED.NET
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Domas Mituzkas just reported that he found the sourcecode:
http://dammit.lt/apache-worm/apache-worm.c
Normally I don't post spoilers of this sort, but special times, special means.
So although it has NOT yet been officially announced: The updated Apache
PKGs for some Cobalts have been uploaded to the Cobalt FTP server:
RaQ2:
ftp://ftp.cobalt.com/pub/packages/raq2/eng/RaQ2-All-Security-4.0.1-15417.pkg
RaQ4:
ftp://ftp.cobalt.com/pub/packages/raq4/eng/RaQ4-All-Security-2.0.1-15417.pkg
RaQ3 / Qube3 / XTR / RaQ550:
Not there yet
There is also an unanounced All-Security-2.0.1-14559.pkg for some plattforms
which upgrades tcpdump and libpcap.
--
Mit freundlichen Grüßen / With best regards
Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer