Apache/Mod_SSL Worm Vulnerabilities Reported on Campus

Linux systems running Apache with an unpatched OpenSSL may be vulnerable to buffer overflow exploits. According to CERT, OpenSSL versions prior to 0.9.6e and version 0.9.7 beta2 are susceptible to this exploit (see CERT advisories CA-2002-27 and CA-2002-23). An Apache web server that has been compromised by the Apache/mod_ssl Worm will continue to propagate the infection to other vulnerable servers, serves as a distributed denial of service attack platform, and could provide a privilege escalation path for the attacker to gain root authority on the compromised system. CERT reports that a successful exploit may leave the following files on Linux systems running Apache with OpenSSL:

/tmp/.bugtraq.c
/tmp/.bugtraq

We have taken steps to reduce the spread of infection from compromised external Apache servers. However, the worm is still able to spread within the campus network. Recommended corrective measures for the Apache/Mod_SSL Worm vulnerability are applying vendor patches, upgrading to OpenSSL version 0.9.6e, or disabling SSL.
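A host triage check for the measures above, added here as an example and not part of the campus notice. It assumes a Linux host where `openssl version` prints the usual "OpenSSL x.y.z" banner, applies the version range stated by CERT (before 0.9.6e, plus 0.9.7 beta2), and takes the artifact directory as a parameter so it can be pointed at something other than /tmp.

```shell
#!/bin/sh
# Added example: decide whether the installed OpenSSL falls in the range
# the advisory calls vulnerable and look for the worm's dropped files.

# parse_openssl_version "OpenSSL 0.9.6c 21 dec 2001" -> prints "0.9.6c"
parse_openssl_version() {
    printf '%s\n' "$1" | awk '{ print $2 }'
}

# openssl_vulnerable VERSION -> returns 0 (true) when VERSION is before
# 0.9.6e or is 0.9.7 beta2. OpenSSL 0.9.x releases carry a letter suffix,
# so 0.9.6 < 0.9.6a < ... < 0.9.6d < 0.9.6e; only the first letter matters.
openssl_vulnerable() {
    v=$1
    case "$v" in
        0.9.7*beta2*) return 0 ;;            # the beta CERT names explicitly
    esac
    maj=${v%%.*}; rest=${v#*.}
    min=${rest%%.*}; rest=${rest#*.}
    patch=$(printf '%s' "$rest" | sed 's/[^0-9].*$//')
    letter=$(printf '%s' "$rest" | sed 's/^[0-9]*//; s/^\(.\).*$/\1/')
    if [ "$maj" -ne 0 ] || [ "$min" -ne 9 ]; then
        [ "$maj" -eq 0 ] && [ "$min" -lt 9 ] && return 0   # 0.8.x and older
        return 1                                           # 0.10+, 1.x, 3.x
    fi
    [ "$patch" -lt 6 ] && return 0                         # 0.9.5a and older
    [ "$patch" -gt 6 ] && return 1                         # 0.9.7 final, 0.9.8
    case "$letter" in ""|[a-d]) return 0 ;; *) return 1 ;; esac
}

# slapper_artifacts_present DIR -> returns 0 if either file CERT associates
# with the worm exists under DIR (normally /tmp); prints what it found.
slapper_artifacts_present() {
    dir=${1:-/tmp}
    for f in .bugtraq.c .bugtraq; do
        [ -e "$dir/$f" ] && { echo "found $dir/$f"; return 0; }
    done
    return 1
}

# report_host: run both checks against the local machine.
report_host() {
    if command -v openssl >/dev/null 2>&1; then
        ver=$(parse_openssl_version "$(openssl version)")
        if openssl_vulnerable "$ver"; then
            echo "OpenSSL $ver: in the vulnerable range, patch or upgrade to 0.9.6e or later"
        else
            echo "OpenSSL $ver: outside the range named in the advisory"
        fi
    fi
    slapper_artifacts_present /tmp || echo "no .bugtraq artifacts in /tmp"
}

report_host
```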