Previous Security Advisories

OpenSSL Worm Slowing Down

September 20, 2002

A little over a week after being discovered, the OpenSSL Slapper worm has started slowing down. Some 7,000-10,000 servers have been infected, which pales in comparison to Code Red’s 400,000 or Nimda’s 86,000 last year. Fortunately, the worm’s P2P network was not utilized to cause any severe damage, although Symantec claims that a few companies […]

Session Hijacking, DoS Bugs in Windows Remote Desktop

September 19, 2002

Update: We’ve just found out that Windows XP Pro SP1 does include patches for these two vulnerabilities, and MS has released bulletin MS02-051 with a fix for Windows 2000 as well. Multiple vulnerabilities have been discovered in Microsoft’s Remote Desktop Protocol, which is used to power Terminal Services for Windows 2000 servers, as well as […]

OpenSSL Vulnerability Detection Tool Released

September 18, 2002

RUS-CERT has released a useful tool for the remote detection of vulnerable OpenSSL servers. It connects to a host and attempts to perform a small, harmless buffer overflow; if the target does not crash, it is likely susceptible to the Slapper worm and other SSLv2 exploits. Updated OpenSSL servers may crash or return errors when […]
