FWD: OpenSSL Worm

[Chuck Yerkes]

Exploits of last July's SSL bugs.  (0.9.6e and previous).

Not necessarily information as much as a pointer to and
an "amber alert"...

----------------------------------------------------
>From Ben Laurie:
I have now seen a worm for the OpenSSL problems I reported a few weeks 
back in the wild. Anyone who has not patched/upgraded to 0.9.6e+ should 
be _seriously worried_.

It appears to be exclusively targeted at Linux systems, but I wouldn't 
count on variants for other systems not existing.

Cheers,

Ben.
----------------------------------------------------
>From a f.o.a.f. at a univ:

---------- Forwarded message ----------
Date: Fri, 13 Sep 2002 17:11:28 -0400 (Eastern Daylight Time)
...
Subject: unix-sa: OpenSSL Worm

Here's a great way to end the week...

There's a worm on the loose that exploits known vulnerabilities in
OpenSSL.  Infected hosts communicate with each other over udp/2002.

Infected hosts probe random IP addresses looking for Apache servers that
disclose information about themselves.

See:
http://online.securityfocus.com/bid/5363/discussion/

for more information including patching info for OpenSSL and band-aids
that can be applied to Apache servers to thwart the worm in the event that
immediate patching is not possible.

I've seen two cases on campus in the past hour.

----- End forwarded message -----