Previous Security Advisories
OpenSSL 'Slapper' Update
September 17, 2002
Anti-virus firm F-Secure has placed one of their systems on the Slapper worm’s peer-to-peer network, enabling them to monitor the number of OpenSSL servers infected. The data they’ve collected thus far indicates that it is spreading fairly rapidly: as of this morning, over 11249 systems were on the worm’s P2P network, compared to […]
More on the OpenSSL 'Slapper' Worm
September 16, 2002
Symantec has released an advisory for the emerging OpenSSL exploit worm, which has been given the name “Slapper”. It attacks servers by sending a malformed GET request to port 443 to trigger a buffer overflow and obtain a shell. The worm then sends over its own UUencoded source code in a file named .bugtraq.c to […]
OpenSSL Worm Spotted in Wild
September 13, 2002
We’ve been following credible reports that a worm propagating in the wild is breaking into servers running vulnerable versions of OpenSSL. Last month, several critical security issues, including a client-exploitable remote buffer overflow in the SSLv2 handshake process, were discovered in all OpenSSL versions prior to 0.9.6e. The worm appears to exploit this hole, although […]