For the CodeRed and Nimda worms, you are correct. They will not be able to
exploit the buffer overflow since the server returns a 401 instead of
processing the request. However, this really doesn't protect you. One of
your users could use the overflow against you since they can authenticate.

It isn't safe to assume that you won't be a victim of a buffer overflow if
you don't allow anonymous access and you can trust all of your users. The
web server still processes some information before it returns a 401. If
someone exploits something in one of these routines, you will be owned.
Installing security patches is always important.

Good luck,
Tom

> -----Original Message-----
> From: Oscar Batyrbaev [mailto:batyrix.netcom.com]
> Sent: Friday, September 28, 2001 11:57 PM
> To: INCIDENTSSECURITYFOCUS.COM; www-mobile-codeSECURITYFOCUS.COM;
> bugtraqSECURITYFOCUS.COM
> Subject: CodeRed/Nimda and other buffer overflow expoits and web server
> athentication
>
> Hi,
>
> Can CodeRed/Nimda and other buffer overflow exploits still work if all
> .asp
> .htm, .ida , etc. files are required to be authenticated with say http
> 1.1
> authentication (the one that pops up the dialog box or any other kind)
> that
> is preceded by uname/password authentication to establish a session key?
> Will it prevent the malicious http request from getting to be executed
> since
> it may not be authenticated yet, etc?
>
> Thanks.
> OGB
>
>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]