OpenSSL worm in the wild

From: Ben Laurie (benat_private)
Date: Fri Sep 13 2002 - 10:16:33 PDT

Next message: Auriemma Luigi: "Savant 3.1 multiple vulnerabilities"

Previous message: Fernando Nunes: "bugtraq.c httpd apache ssl attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I have now seen a worm for the OpenSSL problems I reported a few weeks 
back in the wild. Anyone who has not patched/upgraded to 0.9.6e+ should 
be _seriously worried_.

It appears to be exclusively targeted at Linux systems, but I wouldn't 
count on variants for other systems not existing.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Next message: Auriemma Luigi: "Savant 3.1 multiple vulnerabilities"
Previous message: Fernando Nunes: "bugtraq.c httpd apache ssl attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Sep 13 2002 - 11:48:03 PDT