OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: X-Force (xforce_at_iss.net)
Date: Sat Sep 14 2002 - 21:56:47 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
    majordomoiss.net Contact issforum-owneriss.net for help with any problems!
    ----------------------------------------------------------------------------

    -----BEGIN PGP SIGNED MESSAGE-----

    Internet Security Systems Security Alert
    September 14, 2002
     
    "Slapper" OpenSSL/Apache Worm Propagation
     
    Synopsis:
     
    ISS X-Force has learned of the active propagation of a worm which exploits a
    previously disclosed vulnerability in Secure Sockets Layer 2.0 (SSLv2)
    handshake process. The worm is a modified derivative of the Apache "Scalper"
    BSD worm. Current versions of the Slapper worm that are in the wild are
    targeting Linux servers running Apache with mod_ssl. The worm has distributed
    denial of service (DDoS) capabilities, as well as backdoor functionality.
    Netcraft.com reports that over 66% of all active Web servers on the Internet
    are running Apache. Securityspace.org reports that there are nearly 1.4
    million OpenSSL installations on the Internet.

    Impact:
     
    Apache/mod_ssl servers with affected OpenSSL versions are being actively
    compromised. Once a server is infected, the backdoor can be accessed without
    any authentication. This may lead to third-parties using infected hosts to
    launch future DDoS attacks. X-Force has received reports that the DDoS
    capabilities associated with this worm are very powerful and have already
    been used to attack and disable high-profile targets. Binary and source code
    versions of the worm are available and are being actively circulated.
    Widespread access to the source code of this worm may lead to the development
    of more powerful variants.

    Affected Versions:

    OpenSSL versions up to and including 0.9.6d and 0.9.7 beta1

    Current versions of the Slapper worm only target the following Linux
    distributions. The worm may trigger unpredictable results on additional Unix
    platforms. Other Unix platforms, as well as Apache with OpenSSL for Windows
    may also be vulnerable to the OpenSSL vulnerability.

    Debian Linux, Apache 1.3.26
    RedHat Linux, Apache 1.3.6
    RedHat Linux, Apache 1.3.9
    RedHat Linux, Apache 1.3.12
    RedHat Linux, Apache 1.3.19
    RedHat Linux, Apache 1.3.20
    RedHat Linux, Apache 1.3.23
    SuSE Linux, Apache 1.3.12
    SuSE Linux, Apache 1.3.17
    SuSE Linux, Apache 1.3.19
    SuSE Linux, Apache 1.3.20
    SuSE Linux, Apache 1.3.23
    Mandrake Linux, Apache 1.3.14
    Mandrake Linux, Apache 1.3.19
    Mandrake Linux, Apache 1.3.20
    Mandrake Linux, Apache 1.3.23
    Slackware Linux, Apache 1.3.26
    Gentoo Linux (Apache version undetermined)

    For the complete ISS X-Force Security Advisory, please visit:
    http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21130
    ______

    About Internet Security Systems (ISS)
    Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
    pioneer and world leader in software and services that protect critical
    online resources from an ever-changing spectrum of threats and misuse.
    Internet Security Systems is headquartered in Atlanta, GA, with
    additional operations throughout the Americas, Asia, Australia, Europe
    and the Middle East.

    Copyright (c) 2002 Internet Security Systems, Inc. All rights reserved
    worldwide.

    Permission is hereby granted for the electronic redistribution of this
    document. It is not to be edited or altered in any way without the
    express written consent of the Internet Security Systems X-Force. If you
    wish to reprint the whole or any part of this document in any other
    medium excluding electronic media, please email xforceiss.net for
    permission.

    Disclaimer: The information within this paper may change without notice.
    Use of this information constitutes acceptance for use in an AS IS
    condition. There are NO warranties, implied or otherwise, with regard to
    this information or its use. Any use of this information is at the
    user's risk. In no event shall the author/distributor (Internet Security
    Systems X-Force) be held liable for any damages whatsoever arising out
    of or in connection with the use or spread of this information.

    X-Force PGP Key available on MIT's PGP key server and PGP.com's key
    server, as well as at http://www.iss.net/security_center/sensitive.php

    Please send suggestions, updates, and comments to: X-Force
    xforceiss.net of Internet Security Systems, Inc.

    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.2

    iQCVAwUBPYP2tjRfJiV99eG9AQHrjQQAk2V4rBXMQldC5/08yRJt848p/lsh3Xgv
    vPsOxnHT6DGlkSHZbXFRiwY+50b410wLfY48FhJlBD3zp5TOoUVOaT/3dQc7J+vl
    wro3bcEBB8sAEtjktX3gXfqExflOFUnOQEha7NG2OV91GTzWOUVKd2rO8G3vLLc2
    DBl2W7yRYqQ=
    =P0vn
    -----END PGP SIGNATURE-----