[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] Apache worm that uses the chunk vulnerability - in the wild
- Subject: RE: [cobalt-users] Apache worm that uses the chunk vulnerability - in the wild
- From: "Paul Alcock" <webmgr@xxxxxxxxxxxxxxxxxx>
- Date: Fri Jun 28 15:32:01 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Snippets
> Domas Mituzas for Central systems @ MicroLink Data is reporting that his
> honeypot systems trapped a new apache worm(+trojan) in the wild.
>
> <http://dammit.lt/apache-worm/> Click here to check out Domas Mituzas's
> page on this discovery
>
> More information on the Apache bug can be found at
> <http://www.cert.org/advisories/CA-2002-17.html> here, and patches can
> either be made by <http://www.securiteam.com/tools/5WP0M0U7FS.html>
> modifying your config file or
> <http://www.apache.org/dyn/closer.cgi/httpd/> upgrading your Apache
> version."
>
Sun has a patch on sunsolve (RAQ2s perhaps others)
http://sunsolve.sun.com/patches/cobalt/raq2.eng.html
Question, does this require the earlier patch
RaQ2-All-Security-4.0.1-13323.pkg which seems to be
getting a lot of folks in trouble.(it's the proftpd patch)
Has anyone done the 13323 pkg on a raq2 yet.
I note that the raq2 does not have apxs installed so we cannot follow the
tips in the link to dammit.lt.
Does this sort of thing alway hit the fan on friday afternoons?
Paul