Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: X-Force (xforce_at_iss.net)
Date: Sat Sep 14 2002 - 21:56:47 CDT
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
majordomoiss.net Contact issforum-owneriss.net for help with any problems!
-----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Alert
September 14, 2002
"Slapper" OpenSSL/Apache Worm Propagation
ISS X-Force has learned of the active propagation of a worm which exploits a
previously disclosed vulnerability in Secure Sockets Layer 2.0 (SSLv2)
handshake process. The worm is a modified derivative of the Apache "Scalper"
BSD worm. Current versions of the Slapper worm that are in the wild are
targeting Linux servers running Apache with mod_ssl. The worm has distributed
denial of service (DDoS) capabilities, as well as backdoor functionality.
Netcraft.com reports that over 66% of all active Web servers on the Internet
are running Apache. Securityspace.org reports that there are nearly 1.4
million OpenSSL installations on the Internet.
Apache/mod_ssl servers with affected OpenSSL versions are being actively
compromised. Once a server is infected, the backdoor can be accessed without
any authentication. This may lead to third-parties using infected hosts to
launch future DDoS attacks. X-Force has received reports that the DDoS
capabilities associated with this worm are very powerful and have already
been used to attack and disable high-profile targets. Binary and source code
versions of the worm are available and are being actively circulated.
Widespread access to the source code of this worm may lead to the development
of more powerful variants.
OpenSSL versions up to and including 0.9.6d and 0.9.7 beta1
Current versions of the Slapper worm only target the following Linux
distributions. The worm may trigger unpredictable results on additional Unix
platforms. Other Unix platforms, as well as Apache with OpenSSL for Windows
may also be vulnerable to the OpenSSL vulnerability.
Debian Linux, Apache 1.3.26
RedHat Linux, Apache 1.3.6
RedHat Linux, Apache 1.3.9
RedHat Linux, Apache 1.3.12
RedHat Linux, Apache 1.3.19
RedHat Linux, Apache 1.3.20
RedHat Linux, Apache 1.3.23
SuSE Linux, Apache 1.3.12
SuSE Linux, Apache 1.3.17
SuSE Linux, Apache 1.3.19
SuSE Linux, Apache 1.3.20
SuSE Linux, Apache 1.3.23
Mandrake Linux, Apache 1.3.14
Mandrake Linux, Apache 1.3.19
Mandrake Linux, Apache 1.3.20
Mandrake Linux, Apache 1.3.23
Slackware Linux, Apache 1.3.26
Gentoo Linux (Apache version undetermined)
For the complete ISS X-Force Security Advisory, please visit:
About Internet Security Systems (ISS)
Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
pioneer and world leader in software and services that protect critical
online resources from an ever-changing spectrum of threats and misuse.
Internet Security Systems is headquartered in Atlanta, GA, with
additional operations throughout the Americas, Asia, Australia, Europe
and the Middle East.
Copyright (c) 2002 Internet Security Systems, Inc. All rights reserved
Permission is hereby granted for the electronic redistribution of this
document. It is not to be edited or altered in any way without the
express written consent of the Internet Security Systems X-Force. If you
wish to reprint the whole or any part of this document in any other
medium excluding electronic media, please email xforceiss.net for
Disclaimer: The information within this paper may change without notice.
Use of this information constitutes acceptance for use in an AS IS
condition. There are NO warranties, implied or otherwise, with regard to
this information or its use. Any use of this information is at the
user's risk. In no event shall the author/distributor (Internet Security
Systems X-Force) be held liable for any damages whatsoever arising out
of or in connection with the use or spread of this information.
X-Force PGP Key available on MIT's PGP key server and PGP.com's key
server, as well as at http://www.iss.net/security_center/sensitive.php
Please send suggestions, updates, and comments to: X-Force
xforceiss.net of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----