Bugtraq mailing list archives
RE: RED-CODE WORM PATCH possibly not working ????
From: "Steve Halford" <shalford () infoarc com>
Date: Fri, 20 Jul 2001 15:10:41 -0700
On Friday, July 20, 2001 5:36 tigerblue wrote
i have got some IIS4-and some IIS5-servers. I was checking the logfiles = to get a short info about the red-code worm. The IIS4-servers were = respondig to the get default.ida with a http 40x code, but the IIS5 on = w2k machines were all responding with an http 200 code. Hmmm strange = =B4cause all the servers have been patched in the last month against = this idq-vulnerability (MS01-033). I=B4m really a wondering, is it normal, that the w2k servers reponding = with an 200-Code or is mabe the patch not working at all... does anybody = had this effect ????
The 404 code will return only when you have ida mapping disabled. The patch fixes the buffer overrun problem; it does not disable the mapping. To test for whether the patch is applied, you should look at the file date of the idq.dll; if it is 5/24/2001, the patch has been applied. Steve Halford shalford () infoarc com
Current thread:
- RED-CODE WORM PATCH possibly not working ???? tigerblue (Jul 20)
- RE: RED-CODE WORM PATCH possibly not working ???? Steve Halford (Jul 20)