[21664] in bugtraq
Re: Two birds with one worm.
daemon@ATHENA.MIT.EDU (Emre Yildirim)
Thu Jul 19 17:44:22 2001
Message-ID: <1319.138.26.156.240.995573806.squirrel@www.vsrc.uab.edu>
Date: Thu, 19 Jul 2001 15:16:46 -0500 (CDT)
From: "Emre Yildirim" <emre@vsrc.uab.edu>
To: <bugtraq@securityfocus.com>
In-Reply-To: <20010719112755.B11048@xmission.com>
Cc: <jhansen@xmission.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
> It looks like the "Code Red" worm has the added side effect of crashing
> Cisco (675/678) DSL CPEs running any CBOS prior to 2.4.1. The GET it
> sends looking for IIS servers hardlocks any modem with the web
> management interface enabled.
>
> CBOS v2.4.2 is unaffected. Also, turning off the web interface with
> 'set web disabled' also prevents the crashes.
I think this is an old bug in the Cisco DSL routers, and not really directly
related to the "code red" worm. If the router runs an old version of
CBOS, justissuing GET ? will lock it up. Like you mentioned, the best thing would
be todisable the web interface or upgrade the firmware.
Take a look at Bugtraq ID 2012 and this post from the archives:
http://www.securityfocus.com/frames/?content=/templates/archive.pike%
3Flist%3D1%26mid%3D147562
It might be related.
Cheers,
--
emre@unix.us.eu.org
