[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] OpenSSL Worm in the wild....
- Subject: [cobalt-security] OpenSSL Worm in the wild....
- From: "Rick Ewart" <cobalt@xxxxxxxxx>
- Date: Fri, 13 Sep 2002 21:54:06 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Perhaps I am stiring up something that isn't a problem, but I don't think
so.... Read the items below....
Looks like everyone better at least minimize the info given out by the
Server... To do so:
edit /etc/httpd/conf/httpd.conf
and add the following line:
ServerTokens ProductOnly
Then restart Apache...
/etc/rc.d/init.d/httpd stop
/etc/rc.d/init.d/httpd start
HTH...
Rick
I got this from my CISSP list..... Sorry for the generic setup but they get
cranky if you quote names - it is a list for CISSPs only.
>> I have now seen a worm for the OpenSSL problems I reported a few weeks
>> back in the wild. Anyone who has not patched/upgraded to 0.9.6e+ should
>> be _seriously worried_.
>>
>> It appears to be exclusively targeted at Linux systems, but I wouldn't
>> count on variants for other systems not existing.
Someone from a REALLY BIG security vendor replied:
>The incident analysis team over here is examining this thing. At first
>glance it looks reasonably sophisticated. Looks to me like it exploits
>the issue described as BID 5363, http://online.securityfocus.com/bid/5363.
>It seems to pick targets based on the "Server:" HTTP response field.
>[somebody] proposed a quick workaround of disabling ServerTokens or
>setting it to ProductOnly to turn away at least this version of the exploit
>until fixes can be applied. Another thing to note is that it communicates
>with its friends over UDP / port 2002.
>
>I'd like to request IP addresses of hosts that have been compromised or
>that are currently attacking systems from anyone who is comfortable
>sharing this information. We wish to run it through TMS (formerly
>known as ARIS) to see how quickly it is propagating.