[LON-CAPA-admin] detecting and removing slapper....
Martin Siegert
siegert at sfu.ca
Tue Sep 17 16:09:48 EDT 2002
On Tue, Sep 17, 2002 at 01:29:02PM -0400, Scott Harrison wrote:
> Dear All:
>
> More information from
> http://www.f-secure.com/v-descs/slapper.shtml
>
> REMOVAL
>
> The worm is visible in the infected system as a process ".bugtraq". An
> infected system can be disinfected by
> terminating the worm's process, and by removing the files created into
> temporary directory:
>
> /tmp/.uubugtraq
> /tmp/.buqtraq.c
> /tmp/.bugtraq
>
> The Apache web server must be shut down as well and the OpenSSL libary
> must be upgraded to a fixed
> version (0.9.6e or above) in order to avoid reinfection.
Just an addendum to avoid confusion: the latest RedHat packages mentioned in
http://rhn.redhat.com/errata/RHSA-2002-160.html
are patched against those vulneratbilities and are safe (despite the version
0.9.6b and earlier).
Cheers,
Martin
========================================================================
Martin Siegert
Academic Computing Services phone: (604) 291-4691
Simon Fraser University fax: (604) 291-4242
Burnaby, British Columbia email: siegert at sfu.ca
Canada V5A 1S6
========================================================================
>
> Regards,
> Scott
>
> --
> Scott Harrison, sharrison at users.sourceforge.net
> _______________________________________________
> LON-CAPA-admin mailing list
> LON-CAPA-admin at mail.lon-capa.org
> http://mail.lon-capa.org/mailman/listinfo/lon-capa-admin
More information about the LON-CAPA-admin
mailing list