Code Red - hacked by chinese worm - GoFuckYourself.com

Midnight · 07-19-2001, 02:32 PM

For any of you running Microsoft IIS servers on NT or Win2K, there is a worm that is spreading throughout the internet at a rapid rate. Any of you that use cashtour saw it the other night.

In order to prevent this, you will need to go to this location and retrieve the patch knowns as:

MS01-33 Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise

You can find the patch here:
http://www.microsoft.com/technet/tre...n/MS01-033.asp

The following information is taken from the Microsoft website and sums up the problem:

~~A security vulnerability results because idq.dll contains an unchecked buffer in a section of code that handles input URLs. An attacker who could establish a web session with a server on which idq.dll is installed could conduct a buffer overrun attack and execute code on the web server. Idq.dll runs in the System context, so exploiting the vulnerability would give the attacker complete control of the server and allow him to take any desired action on it.

The buffer overrun occurs before any indexing functionality is requested. As a result, even though idq.dll is a component of Index Server/Indexing Service, the service would not need to be running in order for an attacker to exploit the vulnerability. As long as the script mapping for .idq or .ida files were present, and the attacker were able to establish a web session, he could exploit the vulnerability. ~~

Regards,

------------------
Midnight
Midnight Ventures Partner Program
Excellence is not an act, but a habit - Aristotle

Crutch · 07-19-2001, 02:57 PM

I said it once and i'll say it again. My response to Ludedude suits in this thread just fine.

http://bbs.gofuckyourself.com/board/...ML/005790.html

Seriously though, great post Midnight

DragonAss · 07-19-2001, 09:14 PM

I just posted a CNet article on about the same thing. The strange part is that I looked (not seached) to see if someone posted it already. Now I see this thread

.

And to further question my own sanity, I can't find the one I posted originally

. (I'm sure now that I typed that, the two threads will appear side by side

)

(okay... now that I typed that, they won't)

Maybe I need to look for a new line of work

.

xxxjay · 02-08-2004, 08:24 AM

I have been eaten http://www.stormfront.org/forum/

07-19-2001, 02:32 PM	#1
Midnight Confirmed User Join Date: Jun 2001 Location: ONLINE Posts: 330	Code Red - hacked by chinese worm For any of you running Microsoft IIS servers on NT or Win2K, there is a worm that is spreading throughout the internet at a rapid rate. Any of you that use cashtour saw it the other night. In order to prevent this, you will need to go to this location and retrieve the patch knowns as: MS01-33 Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise You can find the patch here: http://www.microsoft.com/technet/tre...n/MS01-033.asp The following information is taken from the Microsoft website and sums up the problem: ~~A security vulnerability results because idq.dll contains an unchecked buffer in a section of code that handles input URLs. An attacker who could establish a web session with a server on which idq.dll is installed could conduct a buffer overrun attack and execute code on the web server. Idq.dll runs in the System context, so exploiting the vulnerability would give the attacker complete control of the server and allow him to take any desired action on it. The buffer overrun occurs before any indexing functionality is requested. As a result, even though idq.dll is a component of Index Server/Indexing Service, the service would not need to be running in order for an attacker to exploit the vulnerability. As long as the script mapping for .idq or .ida files were present, and the attacker were able to establish a web session, he could exploit the vulnerability. ~~ Regards, ------------------ Midnight Midnight Ventures Partner Program Excellence is not an act, but a habit - Aristotle

02-08-2004, 08:24 AM	#4
xxxjay Tube groupie. Industry Role: Join Date: Aug 2002 Location: LoScandalous, CA Posts: 13,482	I have been eaten http://www.stormfront.org/forum/ __________________ http://donttellmehowtoruinmylife.com/ - http://www.jmdigitalmarketing.com/my...s-and-reviews/ - http://www.wouldyouhitit.org - http://shinyobjectreviews.com/

07-19-2001, 02:57 PM	#2
Crutch Confirmed User Join Date: Mar 2001 Location: Los Angeles Posts: 224	I said it once and i'll say it again. My response to Ludedude suits in this thread just fine. http://bbs.gofuckyourself.com/board/...ML/005790.html Seriously though, great post Midnight

07-19-2001, 09:14 PM	#3
DragonAss Confirmed User Join Date: May 2001 Location: Philly, PA USA Posts: 206	I just posted a CNet article on about the same thing. The strange part is that I looked (not seached) to see if someone posted it already. Now I see this thread . And to further question my own sanity, I can't find the one I posted originally . (I'm sure now that I typed that, the two threads will appear side by side ) (okay... now that I typed that, they won't) Maybe I need to look for a new line of work .