Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)

From: Markus Kern (markus-kernat_private)
Date: Sat Sep 01 2001 - 12:02:14 PDT


    Herbert HexXer wrote:
    > 
    > hello guys ...
    > ... I have been developing a code, that should patch the ISAPI filter
    > buffer overflow vulnerability (the vulnerability CodeRed is exploiting) discovered
    > by eEye (walk through the code for details).
    
    Since we're at it ...
    I wrote something similar a few weeks ago but didn't release it back then.
    Well, here it is, may the curious enjoy it.
    
    It's a passively spreading worm that patches the box and removes CRII.
    After installing an ISAPI filter, it infects every host sending Code Red;
    it does not actively scan for vulnerable hosts, which should prevent Cisco
    crashes and all the other side effects of Code Red.
    Since my assembler skills are limited, the main part of the worm is written
    in C and only the exploit code is assembler.
    
    It should be obvious that I take no responsibility for what you do with
    this code. Although it doesn't contain any malicious code, don't blame me
    if you hose your network or system.
    
    -- Markus Kern <markus-kernat_private>
    
    PS: The spreading mechanism is broken on purpose
    
    


