[21670] in bugtraq
Re: Microsoft IIS problems (Current)
daemon@ATHENA.MIT.EDU (GVB)
Thu Jul 19 18:13:08 2001
Date: Thu, 19 Jul 2001 14:01:58 -0700 (PDT)
From: GVB <gvb@abused.com>
To: Jim Hribnak <hribnak@nucleus.com>
Cc: <BUGTRAQ@securityfocus.com>
In-Reply-To: <08a601c11087$d01e7190$035d22cf@Jim>
Message-ID: <20010719135845.B88156-100000@abused.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
I have seen a few machines where IIS has been crashing all day. I am guessing
it is related to this idq.dll worm. All of these machines DO have the
Q300972 patch applied to them, yet they are still crashing.
I would like to test some things (repatching, applying service packs, etc..).
Does anyone have a proof of concept exploit for this problem?
Thanks!
gvb
On Thu, 19 Jul 2001, Jim Hribnak wrote:
>
> There appears to be a WIDE spread issue with IIS 4 and IIS 5 right now. The
> services will automatically shut down when attacked. There is patches (old
> Patches) that seem to fix the problem YET the patch says its for Microsoft
> Index server (a lot of people are not running Index server, yet this patch
> fixes the crashing problem.
>
> Upon further reading of the bulletin below it say
>
> "
> Affected Software:
>
> a.. Microsoft Index Server 2.0
> b.. Indexing Service in Windows 2000
> "
>
> Most people will not install this if they are not running the software
> listed above. The above should have also said IIS 4 and IIS 5 are affected.
>
> And it does if you read the technical section..
>
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
> bulletin/MS01-033.asp
>
> for IIS4 /NT4
> http://www.microsoft.com/ntserver/nts/downloads/critical/q300972/default.asp
>
> for IIS5/Win2000
> http://www.microsoft.com/windows2000/downloads/critical/q300972/default.asp
>
>
>
> ---------------------------------------
> Jim Hribnak
> Manager Communication Services
> Nucleus Inc.
> 403-209-0000
>
>
>
>
