From: Don Erickson (derick@shark.zeni.net)
Date: 08/08/01


Date: Wed, 8 Aug 2001 21:10:52 -0500
From: Don Erickson <derick@shark.zeni.net>
Message-Id: <200108090211.f792B5YC009960@shark.zeni.net>
Subject: Re: Code Red (II) Question

In article <003f01c1204e$7e924e60$c6950c0a@uhc.com> you write:
>
>I would guess that there is a vulnerability that "looks like" the IE hole to
>the virus, which either overflows something or lodges unworkable code
>somewhere.

Thanks for the clarification. Well, I went to CERT and apparently the
Cisco routers that are vulnerable to Code Red are vulnerable specifically
because they run MS IIS. That's pretty much a no-brainer.

The Cisco 600 series of DSL Routers simply stop forwarding packets
because, as you surmise, the virus' requests trigger an unrelated
memory overrun vulnerability.

Personally, I'm surprised that Cisco ships routers running Microsoft Web
servers. I wonder if that fact was considered a sales point, or was kept
quiet?

Regards,

-Don

-- 
 .sig lite
