[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[stalk:00869] Re: CodeRedII $B$NN"(B$B8}3NG'!)(B

To: security-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [stalk:00869] Re: CodeRedII $B$NN"(B$B8}3NG'!)(B
From: Miharu <ensi@xxxxxxxxxxxxxxxx>
Date: Thu, 06 Sep 2001 22:29:05 +0900

(B
(B
$BbU$G$9!#(B
(B
(B
(BCodeRedII$B$C$F(Bscripts$B$H$3$m$K(Broot.exe$B$r:n@.$9$k$HM}2r$7$F$^$9!#(B
(B#$B$"$l!"$=!<$$$($P!"(Bsadmind/IIS$B$G$b:n@.$5$l$^$9$M!#(B
(B
$B$&!<$sNc$($P(B
$B!!!V(BCode Red $B%o!<%`$K4X$9$k>pJs!W(B
$B!!(B-- $B?7http://www.ipa.go.jp/security/ciadr/vul/20010727codered.html
$B$H$+!#(B
(B
(B
$Be=\$K(Bbugtraq$B$d(Bincidents$BEy$G$$$/$D$+Js9p$5$l$F$$(B
$B$?$h$&$K;W$$$^$9!#(B
(B#$BuBV$H$$$&3NG'$,$G$-$^$7$?!#(B
$B!!(Bhttp://www.securityfocus.com/frames/?content=/templates/archive.pike%3Fend%3D2001-08-09%26list%3D1%26mid%3D201885%26start%3D2001-08-03%26fromthread%3D0%26threads%3D0%26
$B!!!!(B> http://IpAddress/c/inetpub/scripts/root.exe?/c+dir
$B!!!!(B> (if root.exe was still there) or:
$B!!!!(B> http://IpAddress/c/winnt/system32/cmd.exe?/c+dir
$B!!!!(B> Where dir could be any command an attacker would want to execute.
(B
$B>e5-(BURI$B$K$O(B /Scripts/root.exe? $B$J%"%/%;%9J}K!$K$D$$$F=q$+$l$F$$$k$o$1$G(B
$B$O$"$j$^$;$s$,!"(BCodeRedII$B$,%l%8%9%H%j$r=q$-49$($k$3$H$K$h$j!"$=$NB>$N%"(B
$B%/%;%9J}K!$b2DG=$K$J$k$N$@$m$&$H;W$$$^$9!#(B
$B7kO@$H$7$FN"8}3NG'$J$N$+!)$H8@$o$l$l$P$I$&$J$s$G$7$g$&$M!"!"!"(B
$B>/$J$/$H$b!"$h$+$i$L?M$K$h$k9T0Y$J$N$@$m$&$H46$8$G$7$g$&$+!#(B
$BEz$($K$J$C$F$$$J$/$F?=$7Lu$J$$$G$9!#(B
(B
$B$7$+$7(BCodeRedII$B$K46@w$7$F$$$k$H?($l2s$C$F$$$k>u67$O!"$H$F$b9%$^$7$/$J$$(B
$B>uBV$G$"$k$H46$8$^$9$h$M!#$h$+$i$L?M$O(B80/tcp$B$r3+$1$F$*$1$P!"O+$;$:$7$F(B
$B!D$J>u67$G$9$+$i!#!#!#(B
(B
(B
(B
(B-----
$BOC$,JQ$o$j$^$9$,!"%a!<%k=q$-$J$,$i8!:w$7$F$$$?$i!"%i%C%/$K(B
$B!!:G6a$N%;%-%e%j%F%#%[!<%k(B
$B!!(Bhttp://www.lac.co.jp/security/intelligence/securityhole.html
$B$J%Z!<%8$,!"!"!"CN$j$^$;$s$G$7$?!#(B
(B
(B
(B
(B
(B
(B
(B
(B--
(B- $B$3$N%a%$%j%s%0%j%9%H$K4X$9$k%D!<%k%P!http://toolbar.infoseek.co.jp/Tbar?pg=tbar_top.html&svx=971122

Follow-Ups:
- [stalk:00870] Re: CodeRedII $B$NN"8}3NG'!)(B
  - From: Delta

References:
- [stalk:00863] CodeRedII $B$NN"8}3NG'!)(B
  - From: Masakazu Yamada

Prev by Date: [stalk:00868] Re: CodeRedII $B$NN"8}3NG'!)(B
Next by Date: [stalk:00870] Re: CodeRedII $B$NN"8}3NG'!)(B
Previous by thread: [stalk:00868] Re: CodeRedII $B$NN"8}3NG'!)(B
Next by thread: [stalk:00870] Re: CodeRedII $B$NN"8}3NG'!)(B
Index(es):
- Date
- Thread

[stalk:00869] Re: CodeRedII $B$NN"(B$B8}3NG'!)(B

[stalk:00869] Re: CodeRedII $B$NN"(B$B8}3NG'!)(B