[ILUG-BOM] Re: Web Server bufferoverflow
Pankaj Jangid
pankaj@[EMAIL-PROTECTED]
Sat Jul 21 08:44:03 IST 2001
This is what I received in Apache Week.
In the news
IIS vulnerabilities show up in Apache log files
We've received a large number of messages over the last few days
from system administrators who have seen worrying entries in their
Apache access logs. The requests look like this:
192.168.2.12 - - [19/Jul/2001:16:55:47 +0100] "GET /default.ida?NNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 400 252 -
If you are running Apache there is nothing to worry about, these
requests are part of the [3]Code Red Worm virus designed to search
out vulnerable IIS servers running on Windows.
However if you'd like to become vulnerable to attacks such as this,
Microsoft have a toolkit that will let to migrate from [4]Apache to
IIS. (Allegedly the last step is append the text "3L33T crew ownz
you" to the bottom of all your web pages to save the crackers some
time)
Regards
pankaj
More information about the Linuxers
mailing list