Code Red - hacked by chinese worm

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Midnight
    Confirmed User
    • Jun 2001
    • 330

    #1

    Code Red - hacked by chinese worm

    For any of you running Microsoft IIS servers on NT or Win2K, there is a worm that is spreading throughout the internet at a rapid rate. Any of you that use cashtour saw it the other night.

    In order to prevent this, you will need to go to this location and retrieve the patch knowns as:

    MS01-33 Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise

    You can find the patch here:
    http://www.microsoft.com/technet/tre...n/MS01-033.asp

    The following information is taken from the Microsoft website and sums up the problem:

    ~~A security vulnerability results because idq.dll contains an unchecked buffer in a section of code that handles input URLs. An attacker who could establish a web session with a server on which idq.dll is installed could conduct a buffer overrun attack and execute code on the web server. Idq.dll runs in the System context, so exploiting the vulnerability would give the attacker complete control of the server and allow him to take any desired action on it.

    The buffer overrun occurs before any indexing functionality is requested. As a result, even though idq.dll is a component of Index Server/Indexing Service, the service would not need to be running in order for an attacker to exploit the vulnerability. As long as the script mapping for .idq or .ida files were present, and the attacker were able to establish a web session, he could exploit the vulnerability. ~~

    Regards,




    ------------------
    Midnight
    Midnight Ventures Partner Program
    Excellence is not an act, but a habit - Aristotle
    Codifico, quindi sono
    icq 118-997-859
  • Crutch
    Confirmed User
    • Mar 2001
    • 224

    #2
    I said it once and i'll say it again. My response to Ludedude suits in this thread just fine.
    http://bbs.gofuckyourself.com/board/...ML/005790.html


    Seriously though, great post Midnight

    Comment

    • DragonAss
      Confirmed User
      • May 2001
      • 206

      #3
      I just posted a CNet article on about the same thing. The strange part is that I looked (not seached) to see if someone posted it already. Now I see this thread .

      And to further question my own sanity, I can't find the one I posted originally . (I'm sure now that I typed that, the two threads will appear side by side )

      (okay... now that I typed that, they won't)

      Maybe I need to look for a new line of work .

      Comment

      • xxxjay
        Tube groupie.
        • Aug 2002
        • 13482

        #4
        I have been eaten http://www.stormfront.org/forum/
        http://donttellmehowtoruinmylife.com/ - http://www.jmdigitalmarketing.com/my...s-and-reviews/ - http://www.wouldyouhitit.org - http://shinyobjectreviews.com/

        Comment

        Working...