
Re: [cobalt-users] Re: is this what we've been discussing - CERT Advisory CA-2002-27 Apache/mod_ssl Worm



On Sunday 15 September 2002 13:47, Chris Adams wrote:
> Once upon a time, E.B. Dreger <eddy+public+spam@xxxxxxxxxxxxxxxxx> said:
> > GW> Date: Sun, 15 Sep 2002 10:57:36 -0400
> > GW> From: Gerald Waugh
> > GW> It will not affect SSH from pkgmaster as they used a 'static'
> > GW> library (it's compiled into the package)
> >
> > Correct.
>
> It will also not affect the most important thing: the Apache web
> server's SSL support (which is what the worm targets), because that is
> also compiled statically against OpenSSL.
>
> Sun needs to release a security fix for this for all RaQs.  RaQ3s and up
> come with SSL, and we bought an SSL add-on from Cobalt for our RaQ1s and
> RaQ2s (of which we still have a few in service).
>
> Since the admin server runs as root and has SSL support on the RaQ3 and
> up, this is a serious security threat (if someone wrote a worm that
> targeted the admin server port they could get full root access to every
> RaQ3 and up).

How can you tell which OpenSSL version Apache (mod_ssl) is using?

Gerald
-- 
http://frontstreetnetworks.com         http://raqware.com
229 Front Street, Ste C, New Haven, CT 06513-3203
                           Phone: 203-785-0699
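
One way to answer the question above, as an added example that is not part of the original thread: a statically linked binary carries the version banner of the OpenSSL it was built against, so the banner can be read out of the file and compared with what the system library reports. The function names and the sample banners are constructed for illustration; the script only reports versions, and which ones are affected has to come from the advisory.

```shell
#!/bin/sh
# Added example (hypothetical helper names): which OpenSSL is compiled into a binary?

# Print each distinct OpenSSL version banner embedded in file $1.
# tr turns non-printable bytes into newlines, a portable stand-in for strings(1).
openssl_banners() {
    [ -r "$1" ] || { echo "cannot read: $1" >&2; return 2; }
    LC_ALL=C tr -c '[:print:]' '\n' < "$1" |
        LC_ALL=C grep -E -o 'OpenSSL [0-9]+\.[0-9]+\.[0-9]+[a-z]*(-[a-z0-9]+)? +(\[[a-z]+\] +)?[0-9]{1,2} [A-Z][a-z]{2} [0-9]{4}' |
        sort -u
}

# Reduce a banner such as "OpenSSL 0.1.2a 1 Jan 2000" to its bare version "0.1.2a".
banner_version() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSL \([^ ]*\).*/\1/p'
}

# Compare the version embedded in binary $1 with the system library banner $2
# (normally the output of "openssl version").
# Returns 0 = same version, 1 = binary embeds a different one, 2 = no banner found.
embedded_matches_system() {
    found=$(openssl_banners "$1") || return 2
    [ -n "$found" ] || { echo "$1: no OpenSSL banner (not statically linked?)"; return 2; }
    want=$(banner_version "$2")
    rc=0
    while IFS= read -r b; do
        v=$(banner_version "$b")
        if [ "$v" = "$want" ]; then echo "$1: embeds $v, same as system"
        else echo "$1: embeds $v, system is $want"; rc=1
        fi
    done <<EOF
$found
EOF
    return $rc
}

# Constructed sample: binary junk around a made-up banner, standing in for httpd.
make_sample() {
    printf '\177ELF\001\002\003\000%s\000\377\376tail' "$2" > "$1"
}
```

Run it as `embedded_matches_system /path/to/httpd "$(openssl version)"`, where the path is a placeholder for the Apache binary or mod_ssl module being checked. A return of 1 after upgrading the system OpenSSL is the situation described in the thread: the shared library is new, the copy inside the server is not.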