Security Advisories

OpenSSL Vulnerability Detection Tool Released

September 18, 2002

RUS-CERT has released a useful tool for the remote detection of vulnerable OpenSSL servers. It connects to a host and attempts to perform a small, harmless buffer overflow; if the target does not crash, it is likely susceptible to the Slapper worm and other SSLv2 exploits. Updated OpenSSL servers may crash or return errors when […]

OpenSSL 'Slapper' Update

September 17, 2002

Anti-virus firm F-Secure has placed one of their systems on the Slapper worm’s peer-to-peer network, enabling them to monitor the number of OpenSSL servers infected. The data they’ve collected thus far indicates that it is spreading fairly rapidly: as of this morning, over 11249 systems were on the worm’s P2P network, compared to […]

More on the OpenSSL 'Slapper' Worm

September 16, 2002

Symantec has released an advisory for the emerging OpenSSL exploit worm, which has been given the name “Slapper”. It attacks servers by sending a malformed GET request to port 443 to trigger a buffer overflow and obtain a shell. The worm then sends over its own UUencoded source code in a file named .bugtraq.c to […]
