GoFuckYourself.com - Adult Webmaster Forum - View Single Post - Code Red

Midnight · 07-19-2001, 02:32 PM

For any of you running Microsoft IIS servers on NT or Win2K, there is a worm that is spreading throughout the internet at a rapid rate. Any of you that use cashtour saw it the other night.

In order to prevent this, you will need to go to this location and retrieve the patch knowns as:

MS01-33 Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise

You can find the patch here:
http://www.microsoft.com/technet/tre...n/MS01-033.asp

The following information is taken from the Microsoft website and sums up the problem:

~~A security vulnerability results because idq.dll contains an unchecked buffer in a section of code that handles input URLs. An attacker who could establish a web session with a server on which idq.dll is installed could conduct a buffer overrun attack and execute code on the web server. Idq.dll runs in the System context, so exploiting the vulnerability would give the attacker complete control of the server and allow him to take any desired action on it.

The buffer overrun occurs before any indexing functionality is requested. As a result, even though idq.dll is a component of Index Server/Indexing Service, the service would not need to be running in order for an attacker to exploit the vulnerability. As long as the script mapping for .idq or .ida files were present, and the attacker were able to establish a web session, he could exploit the vulnerability. ~~

Regards,

------------------
Midnight
Midnight Ventures Partner Program
Excellence is not an act, but a habit - Aristotle

07-19-2001, 02:32 PM
Midnight Confirmed User Join Date: Jun 2001 Location: ONLINE Posts: 330	Code Red - hacked by chinese worm For any of you running Microsoft IIS servers on NT or Win2K, there is a worm that is spreading throughout the internet at a rapid rate. Any of you that use cashtour saw it the other night. In order to prevent this, you will need to go to this location and retrieve the patch knowns as: MS01-33 Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise You can find the patch here: http://www.microsoft.com/technet/tre...n/MS01-033.asp The following information is taken from the Microsoft website and sums up the problem: ~~A security vulnerability results because idq.dll contains an unchecked buffer in a section of code that handles input URLs. An attacker who could establish a web session with a server on which idq.dll is installed could conduct a buffer overrun attack and execute code on the web server. Idq.dll runs in the System context, so exploiting the vulnerability would give the attacker complete control of the server and allow him to take any desired action on it. The buffer overrun occurs before any indexing functionality is requested. As a result, even though idq.dll is a component of Index Server/Indexing Service, the service would not need to be running in order for an attacker to exploit the vulnerability. As long as the script mapping for .idq or .ida files were present, and the attacker were able to establish a web session, he could exploit the vulnerability. ~~ Regards, ------------------ Midnight Midnight Ventures Partner Program Excellence is not an act, but a habit - Aristotle