[unisog] Cost of the worm......

Gary Flynn flynngn at jmu.edu
Fri Aug 10 17:11:46 GMT 2001


Paul L Schmehl wrote:
> 
> <aol>me too</aol>  What I can't fathom is how you could not know that your
> servers are spewing junk all over the Internet, but that is apparently the
> case.

1. Computers that are left unattended for the summer.
2. Computers that are left unattended in closets.

Don't ask how I know :)

Did you ever find out whether PWS is susceptible to CodeRed? Is
there a configuration screen to set up file extension mappings
and does it contain one for .idq? If it calls the defective
code, I'd imagine it would be vulnerable.

One thing I found out, if a Windows machine is upgraded to W2K, 
it will have unpatched IIS 5 server installed BY DEFAULT.

http://support.microsoft.com/support/kb/articles/Q266/4/56.ASP

Also, it is important to note that PWS contains the unicode directory 
traversal defect, which I think makes it susceptible to the sa-admin
worm, and there is no Microsoft supported patch available:

http://www.jmu.edu/computing/info-security/engineering/issues/ms_pws.htm

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/info-security/engineering/runsafe.shtml



More information about the unisog mailing list