[TriLUG] openssl bug
Wed, 18 Sep 2002 09:05:41 -0400
Content-Type: text/plain; charset=us-ascii
Greg Brown [email@example.com] wrote:
> Looking at the release date I'd say that it's fairly impossible that=20
> this is going to fix any bugs discovered after August, 01, 2002. =20
> So my website is still down (not a big deal, really) but I would like=20
> to get it back up and running sometime..
I'm not sure if the replies from other folks were clear, or not, but
this worm (much like CodeRed and Nimda) is not exploiting a -new-
vulnerability. They are exploiting an old vulnerability that was
announced in the July time frame.
First, see CERT's post on the worm:
Within that, they link to their earlier message on the actual vuln:
In the vendor response section of that second page, you see RedHat's
Make sure the RPMs you have installed match the recommended RPMs from
RedHat's page, and you're fine. It's not so much that you need any new
patch to defend against this worm, you need the patch that fixes the
vulnerability that the worm exploits, for which updates were released in
Hope that clears things up a bit.
"Let the power of Ponch compel you! Let the power of Ponch compel you!"
-- Zorak on Space Ghost
GNUPG Key fingerprint =3D ACD2 2F2F C151 FB35 B3AF C821 89C4 DF9A 5DDD 95D1
GNUPG Key =3D http://www.enoch.org/mike/mike.pubkey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (OpenBSD)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----