If you just block port 443 with your firewall. (and you are not using SSL) you won't have a problem either..
I have several unpatched openssl boxes, but all of them are blocked by the firewalls.. and none have gotten the worm. As I understand it, the worm sends a header to port 80 to see if its apache, if it is, it then tries port 443 and tries the hack.. if the firewall blocks port 443, it won't get anywhere..... just a thought.. Most of the boxes I setup are basic firewall/gateway or samba servers, so I don't patch stuff I'm not running.. and none of them show any signs of problems.. if you close your firewall right down to only things it most access.. and don't run services you are not using, you are usually pretty safe with linux... but its still important to patch services you are running, and watch the security sites..... (although not securityfocus anymore since its now owned by symentec and will no doubt be biased towards them now... (in my opinion and several others I have read about.) rgds Frank -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jeffrey Twu Sent: Wednesday, 25 September 2002 8:43 AM To: [EMAIL PROTECTED] Subject: [expert] (Inserted CRs) Unpatched LM82 is susceptible to SSL vulnerability (sorry, inserted carriage returns below) Hi folks, A web server at work got cracked on Sunday, and it looks like they used the SSL hole. The bad person left a .tar.gz file in a directory, and we did a google search on the filename, and voila -- it was a script (uploaded Sep 17) that exploited the vulnerability. I heard about the SSL vulnerability before our server was cracked, and did some reading. I didn't patch, because of: http://www.mandrake.com/en/archives/expert/2002-09/msg00588.php The paragraph where they wrote Linux-Mandrake 8.2 was not vulnerable ... well, maybe they were referring to it with the openssl -2.3mdk patch. So, patch up, even if you read something that says "this is not vulnerable", as you may be taking it out of context, or they may be wrong. As of Sep 17 at least, there are automated tools for script kiddies that will exploit the hole. Here's the 8.2 security page: http://www.mandrake.com/en/security/mdk-updates.php3?dis=8.2 I assume this is the right one to install: http://www.mandrake.com/en/security/2002/MDKSA-2002-046-1.php?dis=8.2 (That gives you the filename; I assume you click on FTP server mirrors and find a mirror to actually download it. I haven't really used Mandrake's auto-update tools.) There is a longer discussion here: http://www.mandrake.com/en/archives/expert/2002-09/ (search for openssl) Jeffrey Twu [EMAIL PROTECTED]
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
