Re: [cobalt-users] Apache worm that uses the chunk vulnerability - in the wild

["Peter Masloch" <peter@xxxxxxxxxxx>]

Why do you have not apxs? I have it on my Raq2 in /usr/sbin/
The 13323 pkg works fine on my Raq2. I just changed a line
in the proftpd.conf which was done in a second.
The 13323 pkg also updates some other libs and i think it is needed
in order to install the other updates.....but i'm not sure.
Why are you not just try to install the Apache update?
Peter

> Snippets
> > Domas Mituzas for Central systems @ MicroLink Data is reporting that his
> > honeypot systems trapped a new apache worm(+trojan) in the wild.
> >
> >  <http://dammit.lt/apache-worm/> Click here to check out Domas Mituzas's
> > page on this discovery
> >
> > More information on the Apache bug can be found at
> > <http://www.cert.org/advisories/CA-2002-17.html> here, and patches can
> > either be made by  <http://www.securiteam.com/tools/5WP0M0U7FS.html>
> > modifying your config file or
> > <http://www.apache.org/dyn/closer.cgi/httpd/> upgrading your Apache
> > version."
> >
> Sun has a patch on sunsolve (RAQ2s perhaps others)
> http://sunsolve.sun.com/patches/cobalt/raq2.eng.html
>
> Question, does this require the earlier patch
> RaQ2-All-Security-4.0.1-13323.pkg which seems to be
> getting a lot of folks in trouble.(it's the proftpd patch)
>
> Has anyone done the 13323 pkg on a raq2 yet.
>
> I note that the raq2 does not have apxs installed so we cannot follow the
> tips in the link to dammit.lt.
>
> Does this sort of thing alway hit the fan on friday afternoons?
>
> Paul
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>
>