RE: [iisanswers] IISAnswers Bulletin: NT4 Sites with Redirects can crash from Code Red

From: Jerry Vogler (jv128at_private)
Date: Thu Aug 09 2001 - 14:55:37 PDT

Next message: Paul Szabo: "Re: ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow"

Previous message: Marc Maiffret: "RE: Internal IP Address Disclosure in Microsoft-IIS 4.0 & 5.0"
In reply to: Hugh Choudhury: "FW: [iisanswers] IISAnswers Bulletin: NT4 Sites with Redirects can crash from Code Red"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Stop it on your perimeter router.
http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml

This will protect your servers and log the internal interface so you can see
if you are infected by the ACL log file



Jerry Vogler
Cisco CCNA CCDA CCDP CCNP
CheckPoint CCSA/CCSE
Nortel NNCAS
Cisco CSE
CSE Security Solutions Specialist
CSE Network Management Specialist


-----Original Message-----
From: Hugh Choudhury [mailto:hugh.choudhuryat_private]
Sent: Thursday, August 09, 2001 12:56 PM
To: bugtraqat_private
Subject: FW: [iisanswers] IISAnswers Bulletin: NT4 Sites with Redirects
can crash from Code Red


You guys seen this ?  Further problems over and above Code Red patches

-----Original Message-----
From: brettat_private [mailto:brettat_private]
Sent: 09 August 2001 18:00
To: IISAnswers Newsletter
Subject: [iisanswers] IISAnswers Bulletin: NT4 Sites with Redirects can
crash from Code Red


*************************************************
* IIS Bulletin
* NT4 Sites with Redirects can crash from Code Red
**************************************************

It has been confirmed that despite being patched, some NT4 servers are
subject to crashing when processing URLS from Code Red and its variants.
This occurs on patched NT4 servers that use redirection. W2K is not
affected. Those of you using redirection enabled in the IIS Snap-in
should take immediate action to ensure you are not vulnerable to this
problem.

This is not a problem if you use scripting to redirect your site or
pages.

Microsoft evidently knows about this but has not commented on it
publicly.

Below is the posting including a response from a Microsoft IIS support
team member about the problem.

http://archives.neohapsis.com/archives/incidents/2001-08/0218.html

Dang, this bug is hard to squash!

-brett

---------------------------------
Now Registering for IIS FastTrack
http:/www.iistraining.com





---
This is an announcement only list, do not reply.
You are currently subscribed to iisanswers as: hugh.choudhuryat_private
To unsubscribe send a blank email to
leave-iisanswers-15362Yat_private

Next message: Paul Szabo: "Re: ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow"
Previous message: Marc Maiffret: "RE: Internal IP Address Disclosure in Microsoft-IIS 4.0 & 5.0"
In reply to: Hugh Choudhury: "FW: [iisanswers] IISAnswers Bulletin: NT4 Sites with Redirects can crash from Code Red"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 15:47:46 PDT