> It looks like the "Code Red" worm has the added side effect of crashing > Cisco (675/678) DSL CPEs running any CBOS prior to 2.4.1. The GET it > sends looking for IIS servers hardlocks any modem with the web > management interface enabled. > > CBOS v2.4.2 is unaffected. Also, turning off the web interface with > 'set web disabled' also prevents the crashes. I think this is an old bug in the Cisco DSL routers, and not really directly related to the "code red" worm. If the router runs an old version of CBOS, justissuing GET ? will lock it up. Like you mentioned, the best thing would be todisable the web interface or upgrade the firmware. Take a look at Bugtraq ID 2012 and this post from the archives: http://www.securityfocus.com/frames/?content=/templates/archive.pike% 3Flist%3D1%26mid%3D147562 It might be related. Cheers, -- emreat_private
This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 14:43:08 PDT