ZDNET: Blame it on Buffer Overflows

Aug 09, 2001, 12:00 (34 Talkback[s])

[ Thanks to Scott Marlowe for this link. ]

Here's a brief primer on buffer overflows, which may be useful for those learning a little about how Code Red works bonus link to the colorfully titled "F*** you, Code Red," a brief survey of Linux/open source enthusiasts' reactions to the worm: a Linux box running Apache provides a box seat to the show:

"A buffer overflow occurs when someone inputs more data into a field than that field expects. The text that spills over can then be executed on the computer. "In layman's terms, it means your toilet's stopped up and there's stuff everywhere," explained Fred Stangl, an independent software developer in Langhorne, Pa.

According to the Computer Emergency Response Team, more than 50 percent of the vulnerabilities found in operating systems are due to buffer overflows, and many are attributable to Microsoft technology.

Microsoft's software was developed for desktops, where buffer overflows are a minor problem. But with the same desktops now attached to the Internet, the problems can leave a gaping hole for hackers to climb through, critics say."

Complete Story

From NewsForge:

"Geeks are curious folk, so its no surprise they are examining Code Red and considering the possibilities; no matter that it is a Windows problem. It is an equal opportunity visitor, knocking on all doors. When it shows up, some hackers can't help but grab it and inspect closely.

Some people are starting to share their observations about the worm that infects systems running Windows 2000 or IIS. "I set up apache on my home machine to count the attempts. What is interesting is that within 10 seconds of starting apache and tail -f'ing the access_log, I had 1 attempt. Now suppose I was setting up a Win 2000 machine from the install CD. Chances are I (and probably most new installs) would be infected before they have a chance to patch the system," wrote one LUG list participant.

Collectors of Code Red-infected IPs are also noticing certain broadband ISPs are getting hit hard. Understandably, the worm seems to travel fastest within its own IP block, which could cause big problems for cable networks. In fact, subscribers to broadband are starting to get letters like this one from the Road Runner system in Tampa Bay, Fla.:"

Complete Story

Related Stories:

• LinuxPlanet: .comment: The Great, the Pretty Bad, and the Breathtakingly Stupid(Aug 08, 2001)
• LinuxPlanet: Editor's Note: The Bug Days of Summer(Aug 02, 2001)
• Linux Weekly News for August 2, 2001(Aug 02, 2001)
• Red Rock Eater: "Code Red" Roundup(Aug 02, 2001)
• SANS Security Alert: Code Red Is Set to Come Storming Back!(Jul 30, 2001)
• Linux Weekly News for July 26, 2001(Jul 26, 2001)
• LinuxPlanet: .comment: The Weakest Link(Jul 25, 2001)
• Red Rock Eater: "Code Red" Worm(Jul 21, 2001)