Vulnerability Development mailing list archives
Curious Code Red Behavior with Star Office HTTPd
From: "Tim" <webmaster () crazy-horse net>
Date: Mon, 6 Aug 2001 17:06:19 -0400
While going through my logs I happened to notice an AOL address and decided I would check and see whether it was someone on AOL or an AOL server itself. Luckily it was some poor soul using AOL rather than the company actually having a Code Red problem. That aside I noticed one very curious aspect of the webserver while I was just playing around throwing commands at it. Up till now I have seen problems with Cisco, and IIS. I thought I should report this as I have not read anywhere that StarOffice HTTP Server was vulnerable.

log of attack:
---------------
172.177.28.x - - [06/Aug/2001:06:55:57 -0500] "GET
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 404 210 "-" "-"

Nothing unusual there.... Check out the 404 while I was testing for the Trojan aspect of the newer variant:

----------
HTTP Error 404

404 Not found ("/c/winnt/system32/cmd.exe?/c+dir")
--------------------------------------------------------------------------------
Generated by StarOffice HTTP Server 1.0

Anyone else seen any other attacks generating from StarOffice or is this just a freak incident? I haven't reported this to Sun as I'm not 100% it's the StarOffice that attacked me earlier, they could have switched HTTPd's since then. If anyone has StarOffice installed and would check it would clear this up.

Thanks,
Tim
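Added example, not part of the original post: a small Python scanner that picks the two request shapes quoted in the message (the `/default.ida?` filler-plus-`%u` request and the `system32/cmd.exe` request) out of Common Log Format lines and groups them by source host. The sample lines, the documentation-range addresses, the 50-character filler threshold and the function names are all constructed for this example.

```python
import re
from collections import defaultdict

# Common/Combined Log Format: host ident user [time] "request" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')
# /default.ida? + long run of one filler letter + %uXXXX words.
# The 50-character minimum is an arbitrary threshold chosen for this example.
IDA_RE = re.compile(r'/default\.ida\?([NX])\1{50,}.*%u[0-9a-fA-F]{4}', re.I)
# Request for cmd.exe under a system32 path, as in the 404 page quoted above.
CMD_RE = re.compile(r'/system32/cmd\.exe', re.I)

# Constructed sample log lines (not taken from any real server).
SAMPLE = [
    '192.0.2.10 - - [06/Aug/2001:06:55:57 -0500] "GET /default.ida?' + "X" * 224
    + '%u9090%u6858%ucbd3%u7801%u9090=a HTTP/1.0" 404 210 "-" "-"',
    '192.0.2.10 - - [06/Aug/2001:06:56:02 -0500] '
    '"GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 215 "-" "-"',
    '198.51.100.7 - - [06/Aug/2001:07:01:10 -0500] "GET /index.html HTTP/1.0" 200 1043',
    '203.0.113.5 - - [06/Aug/2001:07:02:00 -0500] '
    '"GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 512',
]

def classify(request):
    """Return 'ida_overflow', 'cmd_probe' or None for one request line."""
    parts = request.split(" ")
    target = parts[1] if len(parts) >= 2 else request
    if IDA_RE.search(target):
        return "ida_overflow"
    if CMD_RE.search(target):
        return "cmd_probe"
    return None

def scan(lines):
    """Map source host -> list of (timestamp, kind, status) for matching requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # wrapped or malformed line: skip rather than guess
        host, ts, request, status, _size = m.groups()
        kind = classify(request)
        if kind:
            hits[host].append((ts, kind, int(status)))
    return dict(hits)

def served(hits):
    """Hosts that got a 2xx on a matching request (content returned, not an error)."""
    return sorted(h for h, ev in hits.items() if any(200 <= s < 300 for _, _, s in ev))

if __name__ == "__main__":
    found = scan(SAMPLE)
    print(found, served(found))
```

Any host reported by `served()` received a 2xx response to one of these requests from the server whose log is being read, which is the case to investigate first; 404 responses like the one in the post only show that the request was made.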
Current thread:
- Curious Code Red Behavior with Star Office HTTPd Tim (Aug 06)
- Re: Curious Code Red Behavior with Star Office HTTPd Ray Simard (Aug 06)
- Re: Curious Code Red Behavior with Star Office HTTPd Ray Simard (Aug 10)