Vulnerability Development mailing list archives
RE: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)
From: "Paige, Randall" <rpaige () verisign com>
Date: Tue, 4 Sep 2001 08:16:23 -0700
It appears CRClean.c is looking to include iadmw.h. Did I miss something ? Didn't you mean to include this file in your zip ? -----Original Message----- From: Markus Kern [mailto:markus-kern () gmx net] Sent: Saturday, September 01, 2001 3:02 PM To: vuln-dev () securityfocus com Subject: Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Herbert HexXer wrote:
hello guys ... ... i have been developing a code, that should patch the isdapi-filter bufferoverflow vulnerability (the vulnerability CodeRed is exploiting)
discovered
by eEye (walk through the code for details).
Since we're at it ... I wrote something similar a few weeks ago but didn't release it back then. Well, here it is, may the curious enjoy it. It's a passively spreading worm that patches the box and removes CRII. After installing an ISAPI filter it infects every host sending Code Red, it does not actively scan for vulnerable hosts which should prevent cisco crashes and all the other side effects of Code Red. Since my assembler skills are limited the main part of the worm is written in C and only the exploit code is assembler. It should be obvious that I take no responsibility for what you do with this code. Although it doesn't contain any malicious code don't blame me if you hose your network or system. -- Markus Kern <markus-kern () gmx net> PS: The spreading mechanism is broken on purpose
Current thread:
- CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Herbert HexXer (Sep 01)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Markus Kern (Sep 01)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Stanley G. Bubrouski (Sep 05)
- <Possible follow-ups>
- RE: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Paige, Randall (Sep 04)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Markus Kern (Sep 04)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) DerHexXer (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Markus Kern (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Meritt James (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Blue Boar (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Blue Boar (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Stanley G. Bubrouski (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Blue Boar (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Jonathan Rickman (Sep 05)
- CodeGreen free? // Re: Re: AW: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Steinhart Alexander (Sep 07)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Markus Kern (Sep 05)