[Zope-Coders] Re: [ZC] 294/ 3 Comment ".ida Worm"

Nik Klever klever@multimedia.fh-augsburg.de
Sat, 16 Mar 2002 23:09:27 +0100 

Collector: Zope Bugs and Patches ... wrote:

>Issue #294 Update (Comment) ".ida Worm"
> ** Security Related ** (Confidential)
> Status Pending_confidential, Zope/bug critical
>To followup, visit:
>  http://collector.zope.org/Zope/294
>
>==============================================================
>= Comment - Entry #3 by ajung on Mar 15, 2002 2:51 pm
>
>I can't reproduce the crash neither under Linux nor Windows XP.
>
>- aj 
>

You are right - I have tested it by myself - it seems to be another 
problem with probably CMF which I currently can't limit to a useful hint 
for you.

Thanks a lot for your support and your quick answer !

Nik

>________________________________________
>= Comment - Entry #2 by ajung on Mar 15, 2002 2:44 pm
>
>What operating system ?
>
It is Linux SuSE 7.2 but this doesn't matter, I assume.

>
>________________________________________
>= Request - Entry #1 by Anonymous User on Mar 14, 2002 3:34 am
>
>Because of two attacks of the .ida Worm (see http://www.eeye.com/html/Research/Advisories/AL20010717.html) my 2.5.0 server crashed without any hint - the last entry in the error log is:
>
>2002-03-14T03:50:00 ERROR(200) ZServer Bad HTTP request: 'GET /default.ida?NNNNN
>NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
>NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
>NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7
>801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u000
>3%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0'
>
>just the same as in the log file:
>
>208.179.44.83 - Anonymous [14/Mar/2002:04:50:00 +0200] "GET /default.ida?NNNNNNN
>NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
>NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
>NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u780
>1%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%
>u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 400 268 "" ""
>
>Are there any suggestions, hints ?
>==============================================================
>
>