[ZCM] [ZC] 294/ 4 Reject ".ida Worm"
Collector: Zope Bugs and Patches ...
zope-coders@zope.org
Sat, 16 Mar 2002 17:20:51 -0500
Issue #294 Update (Reject) ".ida Worm"
** Security Related ** (Public)
Status Rejected, Zope/bug critical
To followup, visit:
http://collector.zope.org/Zope/294
==============================================================
= Reject - Entry #4 by ajung on Mar 16, 2002 5:18 pm
Status: Pending => Rejected
________________________________________
= Comment - Entry #3 by ajung on Mar 15, 2002 2:51 pm
I can't reproduce the crash neither under Linux nor Windows XP.
- aj
________________________________________
= Comment - Entry #2 by ajung on Mar 15, 2002 2:44 pm
What operating system ?
________________________________________
= Request - Entry #1 by Anonymous User on Mar 14, 2002 3:34 am
Because of two attacks of the .ida Worm (see http://www.eeye.com/html/Research/Advisories/AL20010717.html) my 2.5.0 server crashed without any hint - the last entry in the error log is:
2002-03-14T03:50:00 ERROR(200) ZServer Bad HTTP request: 'GET /default.ida?NNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7
801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u000
3%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0'
just the same as in the log file:
208.179.44.83 - Anonymous [14/Mar/2002:04:50:00 +0200] "GET /default.ida?NNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u780
1%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%
u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 268 "" ""
Are there any suggestions, hints ?
==============================================================