[NCLUG] Re: Not Code Red (another Code Red topic)

Michael Dwyer mdwyer at sixthdimension.com
Tue Aug 7 11:56:42 MDT 2001


> > On Mon, Aug 06, 2001 at 09:50:01PM -0600, thorson at aster.com wrote:
> > > P.S.  Cisco DSL modems have been infected with the Microsoft IIS virus.
> > >       I read this on the Cisco pages.  Can you believe that anyone would
> > >       actually burn MS crap into ROM?
> > >
>
> On Mon, 6 Aug 2001, Quent wrote:
> > I doubt there's any Microsoft code in the DSL boxes ROM, it's just that
> > the web server is pretty dumb and doesn't handle the garbage that the worm
> > tries to get it to swallow.
> >
>
> These are the convincing Microsoft IIS virus infecting Cisco
> ROM type statements I've been reading.
>
> From http://www.incidents.org/react/code_red.php:
>
>   Is My Cisco Device Vulnerable?
>   -------------------------------
>   If your Cisco device is running a vulnerable version of IIS (4.0 or
>   5.0) it is vulnerable. Also Cisco 600-series DSL routers will
>   stall or crash upon receiving a probe sent by one of the worms.

Lemme qualify that a little more:  Some Cisco products (I gather
management tools more than routers) run IIS on NT-derivatives, and
are therefore vulnerable to the exploits.  The 600-series routers
run CBOS, which is their own smaller embedded OS.  Larger routers
run IOS -- again, their own embedded OS.  Neither have relations
to our fiends at Microsoft.
The 600-series routers are vulnerable not to the Code Red exploit,
but to a general inability to handle excessively long HTTP request
strings.  It should be noted that some network printers, and many
other embedded HTTP servers are also vulnerable -- or at least may
crash.
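
An added example, not part of the original message and not Cisco's or any vendor's code: a request-line parser for a small embedded HTTP server that enforces fixed limits and answers an over-long request string with a 414 status instead of overrunning its buffers. The limits `MAX_METHOD` and `MAX_TARGET`, the `struct request` layout and the function names are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_METHOD 8    /* assumed limits for a small embedded server */
#define MAX_TARGET 256

enum { REQ_INCOMPLETE = 0, REQ_OK = 200, REQ_BAD = 400, REQ_TOO_LONG = 414 };
struct request { char method[MAX_METHOD + 1]; char target[MAX_TARGET + 1]; };

/* Copy one space-terminated token into out (cap bytes plus NUL).
 * Returns 1 = done, 0 = need more input, -1 = longer than cap, -2 = malformed. */
static int take_token(const char *buf, size_t len, size_t *pos, char *out, size_t cap)
{
    size_t n = 0;
    while (*pos < len && buf[*pos] != ' ') {
        if (buf[*pos] == '\r' || buf[*pos] == '\n') return -2; /* line ended early */
        if (n == cap) return -1;     /* refuse before writing past the buffer */
        out[n++] = buf[(*pos)++];
    }
    out[n] = '\0';
    if (*pos == len) return 0;
    (*pos)++;                        /* consume the separating space */
    return n > 0 ? 1 : -2;
}

/* Parse "METHOD SP target SP HTTP/1.x CRLF" from the bytes received so far.
 * Returns an HTTP status to act on, or REQ_INCOMPLETE to keep reading. */
int parse_request_line(const char *buf, size_t len, struct request *req)
{
    size_t pos = 0;
    int r = take_token(buf, len, &pos, req->method, MAX_METHOD);
    if (r == 0) return REQ_INCOMPLETE;
    if (r < 0) return REQ_BAD;
    r = take_token(buf, len, &pos, req->target, MAX_TARGET);
    if (r == 0) return REQ_INCOMPLETE;
    if (r == -1) return REQ_TOO_LONG;   /* answer 414 and close; never crash */
    if (r < 0) return REQ_BAD;
    if (len - pos < 10) return REQ_INCOMPLETE;   /* "HTTP/1.x\r\n" is 10 bytes */
    if (memcmp(buf + pos, "HTTP/1.", 7) != 0 || (buf[pos + 7] != '0' && buf[pos + 7] != '1')
        || buf[pos + 8] != '\r' || buf[pos + 9] != '\n') return REQ_BAD;
    return REQ_OK;
}

int main(void)
{
    struct request rq;
    const char ok[] = "GET /index.html HTTP/1.0\r\n";   /* constructed sample input */
    printf("%d\n", parse_request_line(ok, sizeof ok - 1, &rq));
    return 0;
}
```

The parser returns 414 as soon as the target passes `MAX_TARGET`, so the caller never has to buffer the rest of the line; the caller should still cap the total bytes it reads while the result is `REQ_INCOMPLETE`.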





