Re: IIS4 & Code Red?From: Ryan Permeh (ryan@eEye.com)
- Previous message: Süß, Michael: "MS released SRP"
- In reply to: Dave Loschiavo: "IIS4 & Code Red?"
- Next in thread: Michael Sheppard: "Re: IIS4 & Code Red?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <010701c11604$10766780$1e01a8c0@eCompany.gov> From: "Ryan Permeh" <ryan@eEye.com> To: "Dave Loschiavo" <firstname.lastname@example.org>, <email@example.com> Subject: Re: IIS4 & Code Red? Date: Thu, 26 Jul 2001 11:52:05 -0700
the offsets in all currently analyzed versions of CodeRed are wrong for nt
4/iis4. it causes a halt in service, rather than infecting and spreading.
The vulnerability DOES exist on nt 4, though, so if correct offsets were
applied, an nt4 worm od CodeRed caliber would be possible.
> Anyone out there actually see (first hand) an IIS4 box that was
> compromised by Code Red? I know it will affect IIS5, and the alerts say it
> affects IIS4 and IIS5, but I'd like to know if anyone actually saw an IIS4
> box get hit.