From: Kent Stewart
Date: Sun, 30 Jun 2002 07:54:45 -0700
To: Benjamin Krueger
Cc: Andy Farkas, security@FreeBSD.ORG
Subject: Re: FreeBSD.Scalper.Worm

Benjamin Krueger wrote:

> * Andy Farkas (andyf@speednet.com.au) [020630 05:51]:
>
>>On Sat, 29 Jun 2002, Kent Stewart wrote:
>>
>>>One of the people sending mail to -docs, pointed me to
>>>
>>>http://securityresponse.symantec.com/avcenter/venc/data/freebsd.scalper.worm.html
>>>
>>>It looks like more exposure needs to be provided via the web site and etc.
>>>
>>>Kent
>>
>>Looks like this worm can be stopped by having /tmp mounted noexec.
>
> Or running a non-vulnerable version of Apache.

That was my choice. I also upgraded from 1.3.24 to 2.0.39. I figured that it was time.

I checked with people I knew and one of them had not upgraded Apache. He had waited until an application to take advantage of Apache's hole and targeting FreeBSD had arrived. I figure there are more.

Kent.

--
Kent Stewart
Richland, WA

http://users.owt.com/kstewart/index.html