|
-
August 12th, 2001, 01:17 AM
#1
more sensasionalism. mach
http://security.ittoolbox.com/news/dispnews.asp?i=50064
http://www.msnbc.com/news/610529.asp
Code Red Is Back!
By By Thor Olavsrud
The Code Red worm is rearing its ugly head again, crashing some servers even though they have been patched against the buffer overflow the worm exploits.
Reports have been filtering in that servers running Microsoft Windows NT 4.0 and Microsoft's IIS 4.0 Web server software, and which also utilize URL redirection, are prone to crashing due to the worm. This particular problem does not affect patched versions of IIS 5.0 Windows 2000. Machines running Windows NT 4.0 or Windows 2000 and unpatched versions of IIS 4.0 or 5.0, are vulnerable to the worm.
However, in this case, the crashes occur due to the fact that when IIS 4.0 is set to redirect URLs it will accept any URL, leaving it vulnerable to an overflow that crashes IIS.
According to a Microsoft IIS Technical Support staffer posting to a message board, Microsoft is working on a fix but it is not yet ready. Currently, the only solution to the problem is to remove all redirected IIS Web sites and URLs from the server, apply the patches Microsoft issued in June, and reboot the server.
"Removing the .ida script mappings will not avoid all the problems if you are running IIS 4.0," the staffer posted. "Removing the redirections is currently the best solution (this is in addition to installing the fix or removing the script mappings)."
Code Red first appeared in July and was discovered by eEye Digital Security. At the time, eEye said the worm was similar to the sadmind/IIS worm that propagated near the end of the U.S.-China hacker skirmishes in May.
The worm exploits a well-known hole in IIS for which Microsoft published a patch in June.
Code Red appears to propagate on a cyclical basis, and some officials, particularly Ronald Dick, head of the Federal Bureau of Investigation's National Infrastructure Protection Center, have predicted that there is a good chance the worm will continue to spread on a periodic basis.
The patch for Windows NT 4.0 is available here , and the patch for Windows 2000 Professional, Server and Advanced Server is available here
------------------
"Onward Through the fog"
VDR SEARCH
Stings Shack™
"ONWARD THROUGH THE FOG"
"640K ought to be enough for anybody." - - Bill Gates, 1981
AMAZING TECHS
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
