
RE: [cobalt-users] Re: is this what we've been discussing - CERT Advisory CA-2002-27 Apache/mod_ssl Worm



-----Original Message-----
From: Gerald Waugh 
Sent: Sunday, September 15, 2002 3:21 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] Re: is this what we've been discussing -
CERT Advisory CA-2002-27 Apache/mod_ssl Worm


On Sunday 15 September 2002 13:47, Chris Adams wrote:
> Once upon a time, E.B. Dreger <eddy+public+spam@xxxxxxxxxxxxxxxxx> said:
> > GW> Date: Sun, 15 Sep 2002 10:57:36 -0400
> > GW> From: Gerald Waugh
> > GW> It will not affect SSH from pkgmaster as they used a 'static'
> > GW> library (it's compiled into the package)
> >
> > Correct.
>
> It will also not affect the most important thing: the Apache web
> server's SSL support (which is what the worm targets), because that is
> also compiled statically against OpenSSL.
>
> Sun needs to release a security fix for this for all RaQs.  RaQ3s and up
> come with SSL, and we bought an SSL add-on from Cobalt for our RaQ1s and
> RaQ2s (of which we still have a few in service).
>
> Since the admin server runs as root and has SSL support on the RaQ3 and
> up, this is a serious security threat (if someone wrote a worm that
> targeted the admin server port they could get full root access to every
> RaQ3 and up).

How can you tell which OpenSSL version Apache (mod_ssl) is using?
--------------------
The web server sticks various software version information items into
$ENV{SERVER_SOFTWARE}. A simple CGI script that echoes the environment
variables will show you this item, e.g.

#!/usr/bin/perl
# Dump every CGI environment variable; SERVER_SOFTWARE carries the Apache/mod_ssl/OpenSSL banner.
use strict;
use warnings;

print "Content-Type: text/html\r\n\r\n";
print "<PRE>\r\n";
foreach my $key (sort keys %ENV) {
        my $val = $ENV{$key};
        # Escape HTML metacharacters: some variables (QUERY_STRING, HTTP_USER_AGENT) are client-controlled.
        $val =~ s/&/&amp;/g; $val =~ s/</&lt;/g; $val =~ s/>/&gt;/g;
        print "$key: $val\r\n";
}
print "</PRE>";
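The banner that the CGI script above exposes is only useful once you compare the OpenSSL token in it against the patched release. Two caveats a practitioner should keep in mind: the same banner is what Apache sends in the Server response header, and both are trimmed by the ServerTokens directive, so a server set to ServerTokens Prod or Min shows nothing about OpenSSL and must be checked on the host itself; and OpenSSL's version strings (0.9.6e, 0.9.7-beta3) do not compare correctly as plain strings. The following Python script is an added example, not code from this list or from Cobalt/Sun. It parses constructed sample banners, orders OpenSSL versions the way the project numbers its releases, and classifies each banner as patched, vulnerable or unknown. The threshold 0.9.6e is an assumption taken from the CERT advisories' fix advice; confirm it against the advisory for your platform before relying on it.

```python
import re

# Constructed sample banners in the form Apache puts in the Server response
# header and in the SERVER_SOFTWARE CGI variable. The version numbers are
# illustrative and not taken from any real RaQ.
SAMPLE_BANNERS = [
    "Apache/1.3.20 (Unix) mod_ssl/2.8.4 OpenSSL/0.9.6",
    "Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6d",
    "Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6e",
    "Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.7-beta3",
    "Apache",  # ServerTokens Prod: the banner says nothing about OpenSSL
]

# Assumed patch level (fix advice from the CERT advisories); treat it as a
# parameter and confirm it for your platform before acting on the result.
REQUIRED_OPENSSL = "0.9.6e"

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d+))?$")
_BANNER_RE = re.compile(r"\bOpenSSL/(\S+)")


def version_key(version):
    """Turn an OpenSSL version string ('0.9.6e', '0.9.7-beta3') into a tuple
    that sorts in release order. Raises ValueError on unrecognised input."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError("unrecognised OpenSSL version: %r" % version)
    major, minor, fix, letters, beta = m.groups()
    # Letter suffixes are patch releases: 0.9.6 < 0.9.6a < ... < 0.9.6z < 0.9.6za,
    # so compare by suffix length first, then alphabetically.
    # A -betaN release sorts below the final release carrying the same number.
    beta_rank = int(beta) if beta else float("inf")
    return (int(major), int(minor), int(fix), len(letters), letters, beta_rank)


def openssl_version_from_banner(banner):
    """Return the OpenSSL token from a Server/SERVER_SOFTWARE banner, or None
    when the banner does not carry one (e.g. ServerTokens Prod)."""
    m = _BANNER_RE.search(banner)
    return m.group(1) if m else None


def classify(banner, required=REQUIRED_OPENSSL):
    """Classify one banner as 'patched', 'vulnerable' or 'unknown'."""
    found = openssl_version_from_banner(banner)
    if found is None:
        # The banner hides the version; verify the library on the host instead.
        return "unknown"
    if version_key(found) >= version_key(required):
        return "patched"
    return "vulnerable"


def audit(banners, required=REQUIRED_OPENSSL):
    """Map each banner to its classification."""
    return {banner: classify(banner, required) for banner in banners}


if __name__ == "__main__":
    for banner, status in audit(SAMPLE_BANNERS).items():
        print("%-10s %s" % (status, banner))
```

An "unknown" result is not a pass: a box that hides its banner must be checked directly, and on a RaQ where mod_ssl is linked statically the relevant version is the one the module was built against, not whatever shared library happens to be installed later.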