Program and Source for Removal of IDA/IDQ Script Mappings (in response to Red Code Worm)
From: Critical Watch Bugtraqqer (bugtraq@criticalwatch.com)Date: 07/20/01
- Previous message: Ken Eichman: "Code Red worm address generator pattern"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <001901c1115b$8b62ab00$0bcfdf0a@theharem.net> From: "Critical Watch Bugtraqqer" <bugtraq@criticalwatch.com> To: <BUGTRAQ@SECURITYFOCUS.COM> Subject: Program and Source for Removal of IDA/IDQ Script Mappings (in response to Red Code Worm) Date: Fri, 20 Jul 2001 15:35:39 -0500
Hello everyone
This is in response to the sheer numbers of web server that got pummeled by
this new worm. While many people and firms created
exploit/checks/Advisories for this Dangerous exploit, we have yet to see a
"helping hand" program...until now! Having previously worked at a site
with a huge server farm I experienced how painful it can be to go to 175
machines to install a single hot fix. This program will allow you to sit at
your desk and simply yank the script mappings from the web server altogether
and eliminate some 6 or so vulnerabilities that are associated with Index
Services.
This is a very simple program that you can use to remove the .IDA and .IDQ
script mappings from the root of a web server and from all its sub-web
sites. We have included the source code as well as the setup packages. (the
metautil.dll has to get installed) for your perusal.
You may retrieve the 1.43 meg download from our web site at
http://www.criticalwatch.com/downloads/IDA_ScriptRemoval_Util.zip
Nelson Bunker, CISSP
V.P. of Security
Critical Watch
- Previous message: Ken Eichman: "Code Red worm address generator pattern"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
