Previous Security Advisories

OpenSSL 'Slapper' Update

September 17, 2002

Anti-virus firm F-Secure has placed one of their systems on the Slapper worm’s peer to peer network, enabling them to monitor the number of OpenSSL servers infected. The data they’ve colleced thus far indicates that it is spreading fairly rapidly: as of this morning, over 11249 systems were on the worm’s P2P network, compared to […]

More on the OpenSSL 'Slapper' Worm

September 16, 2002

Symantec has released an advisory for the emerging OpenSSL exploit worm, which has been given the name “Slapper”. It attacks servers by sending a malformed GET request to port 443 to trigger a buffer overflow and obtain a shell. The worm then sends over its own UUencoded source code in a file named .bugtraq.c to […]

OpenSSL Worm Spotted in Wild

September 13, 2002

We’ve been following credible reports that a worm propagating in the wild is breaking into servers running vulnerable versions of OpenSSL. Last month, several critical security issues, including a client-exploitable remote buffer overflow in the SSLv2 handshake process, were discovered in all OpenSSL versions prior to 0.9.6e. The worm appears to exploit this hole, although […]

« Older Entries   Newer Entries »